Welcome back to the Compliance Blog!
Let’s cover the Top 10 HIPAA mistakes and how to prevent them.
As part of HealthPoint’s ongoing Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Program, the HIPAA Security and Chief Information Officer, Brian Thurston, and HIPAA Privacy Officer/Director of Risk Management, Katherine Hall Chiavone, are sending out this quarterly reminder. Our reminder for the fourth quarter is all about the top 10 HIPAA violations and what you can do to prevent them!
Here are the top 10 HIPAA mistakes and how you can prevent them!
1. Lost and Stolen Devices: Keep all devices with access to Protected Health Information (PHI) (including your phone if you use the Teams or Outlook Apps) secure and report any lost or stolen items to IT and Compliance immediately.
2. Hacking: Always encrypt emails with PHI, even if they are to another HealthPoint user. If you send an unencrypted email with PHI, immediately submit a variance and report it to IT so it can be deleted.
3. Employee Dishonesty: You should only access records directly related to your job. You should not be accessing your personal record or the records of those close to you.
4. Improper Disposal: Ensure that you always dispose of PHI in the shred bins located in your clinics so those documents can be appropriately destroyed. PHI should never go in regular trash cans.
5. Third-Party Disclosure: When we have partnerships with other companies that can see our PHI (Azara, for instance), we must have a business associate agreement. This is handled by Compliance to make sure that all components are in place.
6. Release of Information: All paperwork for the release of medical information should be scanned into the patient documents folder on eCW. Remember, these are valid until death or revocation by the patient.
7. Unencrypted Data: Remember, we must encrypt all emails with PHI and only store PHI in encrypted file folders when necessary.
8. Lack of Training: You’ll find your annual HIPAA Refresher Training on Health.edu. Please complete that as soon as possible before the end of the year!
9. Unsecure Records: Remember to keep records secure. As an organization, we require computers to be locked when they are unattended or not being used. Additionally, if you work with paper records of any kind, those must be locked up when not being used.
10. Workplace Gossip: Sharing PHI between friends, family, or even coworkers in a public area or anywhere that there are unauthorized listeners can put you at risk for a HIPAA violation.
If you have any questions or concerns about HIPAA Compliance, please get in touch with Compliance@healthpoint-tx.com