11 Ways You and Your Staff Might be Violating HIPAA
by Veronica Brattstrom
Wednesday, November 13, 2019
Snooping on healthcare records of family, friends, neighbors, co-workers, and celebrities is one of the most common HIPAA violations committed by employees.
But did you ever wonder what other medical practices classify as common employee HIPAA violations? Our policyholders shared the following HIPAA violations that may lead to disciplinary action against an employee:
- Accessing information they do not need to know to do their job
- Sharing computer usernames/passwords
- Leaving a computer unattended, allowing someone else to access or view sensitive information
- Sharing sensitive information with unauthorized individuals
- Copying sensitive information without permission
- Discussing sensitive information in an area where others might overhear the conversation
- Discussing sensitive information with unauthorized individuals
- Improper disposal of medical records
- Unauthorized release of information to family members or third parties
- Failing to encrypt portable devices, allowing access to patient information
- Failure to issue notifications of breaches without unnecessary delay and no later than 60 days
What should you do when these instances occur?
- First violation: Verbal/written reprimand, retrain on your privacy/security policies
- Second violation: Written reprimand, possible suspension, retrain on privacy/security policies
- Third violation: Termination, civil or criminal penalties as provided under HIPAA or other applicable federal/state law
Depending on the severity of the violation, any single act may result in disciplinary action up to and including termination.
For more information on this or other risk management-related topics, visit https://www.psicinsurance.com/physicians/risk-management/