
Is your practice violating HIPAA without realizing?
Miriam Atlas | October 18, 2016

HIPAA is probably not your favorite topic to chat about in the lunchroom. Since it was enacted in 1996, HIPAA has pushed healthcare providers to invest valuable time and money in order to comply with its wide-ranging demands: redefining work practices, training staff, upgrading core infrastructure, implementing tighter security controls – the list never ends…


…But neglecting to do this, neglecting to comply, has serious consequences.


HIPAA Violations in the Workplace


It has now been 20 years since HIPAA was legislated, and there is plenty of evidence suggesting that healthcare providers have grown careless.


HIPAA violations are at an all-time high, with penalties amounting to millions of dollars and, for the most serious offenses, criminal prosecution and incarceration of healthcare providers.


These breaches are often the result of improper or careless use of new technologies. Keeping up with the ever-changing world of technology is already a difficult task – and doing so while also remaining vigilant about electronic protected health information (ePHI) is arguably the greatest challenge facing healthcare providers today.


Is it possible that your practice is violating HIPAA without even realizing it? Consider the following situation:


A patient is being scheduled for surgery when the scheduler’s paper calendar slips off the table and lands next to the patient. The patient bends down to pick up the calendar book and return it, but as he hands it back he inadvertently sees his friend Jack listed on the calendar – even though Jack did not want anyone to know about his upcoming surgery.



There are also less dramatic breach scenarios to consider:

  • Perhaps you use a large whiteboard in your back office, as many practices do, to show the weekly surgery schedule, with patients’ names on display for anyone who walks past to see.
  • You drive home at the end of the workday with patient-related paperwork in your car, intending to work on it later that evening – but in doing so, you expose that information to loss in a road accident or a break-in.
  • One of your doctors urgently needs information about a patient’s procedure and asks the scheduler to text him the details. The scheduler responds to what seems a totally reasonable request, and soon text messages containing protected health information (PHI) are flowing back and forth between the office and the surgeons over insecure channels – standard SMS is not end-to-end encrypted, and a copy of every message remains on both handsets.

HIPAA Compliant Text Messaging and Apps


While advancements in technology offer huge benefits for surgeons and patients alike, they are also your biggest potential liability. Technology allows us to send and receive information quickly and easily, yet healthcare professionals working with PHI need to be more cognizant and ask themselves: Are these messages being sent securely? Are they being viewed on an encrypted device? Who else can read them once they arrive?


With so many of today’s HIPAA breaches involving technology in general, and lost, stolen or misused mobile devices in particular, here are some simple steps you can take to protect yourself and your practice:

  • Require a strong PIN or password on every device that holds PHI, and set the device to lock automatically after a short idle period.
  • If your device is not already encrypted, change your settings so that it is.
    • iOS devices encrypt their storage automatically once a passcode is set. The passcode is what protects the encryption key, so choose a strong passcode rather than a short numeric PIN.
    • Newer Android devices ship encrypted; on older ones, check Settings > Security and enable device encryption if it is turned off.
  • A HIPAA compliant surgery calendar app can securely give surgeons access to their schedules and the relevant patient information, 24/7.
  • A HIPAA compliant messaging app (such as IM Your Doc or Doximity) removes the need to text or email PHI over consumer channels. Make sure every app used to send or receive PHI is HIPAA compliant, and that the vendor has signed a Business Associate Agreement (BAA) with your practice – a vendor that handles PHI on your behalf is a business associate, and “HIPAA compliant” marketing is no substitute for that signed agreement.
  • Store ePHI in the office only on servers that sit behind a firewall, require authentication, and restrict access to authorized staff.
  • Replace paper calendars with a shared electronic calendar that only authorized staff can view, so that access to the schedule can be limited and audited.

Avoid HIPAA Fines

Taking steps to ensure that your practice is HIPAA compliant in all respects may seem like an inconvenience. However, in light of the alternative (heavy fines, incarceration), it is certainly worth the hassle. Educate yourself and your staff on HIPAA compliance, why it matters, and the steps you can all take to ensure PHI does not leave your practice. Beyond avoiding penalties, minimizing your practice’s risk of violating HIPAA also preserves your patients’ trust and lets you provide them with the best possible care.

[Image: Ensure HIPAA compliance on all devices transferring PHI.]

About the author: Miriam Atlas has been working in healthcare since she started volunteering as an EMT at the age of 16. In addition to finding ways to ease your office workload, Miriam enjoys swimming and kickboxing.