Some HIPAA violations can be caught and fixed before the damage is done. Here are a few ways to do so.
Violations of HIPAA regulations are serious. If you have compromised a patient’s protected health information, you must follow the guidelines for reporting that violation, depending on the type and scope of the breach.
However, sometimes you can catch the problem before any damage is done. It’s a violation, but not a breach yet. If you rectify the situation quickly and easily, no patient privacy will be compromised. If it does turn out that patient data has been breached, how you responded to the incident will be a part of the analysis of the breach, and will help you if the Office for Civil Rights investigates. “When OCR comes in, they will want to know that you did everything you could to plug the gaps,” said Rick Hindmand, a healthcare attorney with McDonald Hopkins in Chicago.
Sorry, Wrong Number
When faxing patient information to other physicians or insurance companies, dialing a wrong number can have serious consequences. If the information goes to another covered entity, however, you may be able to save the day if you act promptly. Immediately phone the office where you sent the information and ask them to destroy it, said Hindmand. Be sure to keep a record that you took this action. If that patient information surfaces somewhere later, you’ll want to be able to prove that you made an effort to prevent that.
Password protection is crucial to protecting patient data. Even if no one ever uses it, sharing your password, or even leaving it where someone else can find it, is a HIPAA violation. If your password is compromised for any reason, change it immediately.
Regular walkthroughs can help you catch potential violations that you might not be aware of. “Probe for weak spots,” advised Erika Adler, a Chicago-area lawyer specializing in regulatory and transactional healthcare law. Patient data visible on desks, charts turned face out on exam-room doors, computer screens angled so that someone other than the user can see them: these are all things that can be corrected quickly and easily before any damage is done, but you have to find them before you can fix them.
Wipe It Out
Lost computer devices, such as laptops, pads, or phones, are one of the most common ways patient privacy is breached. However, if the data is encrypted, no harm is done if the device is lost, and you are not responsible for a breach. In addition to making sure all your devices are encrypted, invest in software that can remotely wipe your devices if they are lost, and use it as soon as you know a device is missing, said Hindmand.
Enforce The Rules
If an employee violates privacy intentionally, for example looking at a patient’s chart out of curiosity, the damage is already done. Adler recommended having strict written policies and making sure the employee is sanctioned when these policies are violated.