A violation of HIPAA regulations, even if the infraction is accidental, can be costly.
If HIPAA rules are unintentionally violated, the Office for Civil Rights assesses a $100 fine per offense. If the infraction was willful and no attempt was made to correct the problem, the fine can escalate to $50,000.
HIPAA violations can cost your institution thousands of dollars and damage the relationships you’ve worked so hard to establish with your patients. These tips can help you ensure HIPAA compliance and keep patient information safe.
1. Make Digital Safety a Priority
Technological innovations have made it easier than ever to communicate with patients and other providers, but they have also increased the risk that sensitive information may be accidentally released. In addition to encrypting software and using firewalls, you can take other measures to ensure your staff doesn’t accidentally expose confidential information. For example:
- Change computer settings so users are required to enter a password if the computer has been idle for a predetermined amount of time. This is helpful when staff members forget to log off.
- Use generic subject lines when emailing patients or providers.
- Although the text portion of the message may be encrypted, subject lines are not. Protected health information (PHI) can also be unknowingly revealed if you include sensitive information in the titles of email attachments.
- Confirm recipients also use HIPAA-compliant apps before you send any information via text. Messages don’t remain on a server when you use a secure system.
- Establish a protocol for working on patient files out of the office. A stolen or lost laptop can lead to big fines for your hospital or clinic.
- Make sure all patient information is removed from leased equipment before it is returned. Affinity Health Plan paid a $1.2 million settlement for failing to remove patient information from the hard drives of leased copiers.
2. Ban the Cameras
Taking selfies has become a daily activity for many people—even at the doctor’s office. But if a patient takes a photo that has other patients or confidential PHI in the background, you could be in violation of HIPAA regulations. Institute a photo ban that applies to both patients and staff to avoid this type of incident.
Caution your staff against posting any work-related information on social media.
3. Use the Correct Patient Contact Method
Calling a patient’s work number when they requested you call a cellphone number may seem like a minor mistake, but it’s not compliant with HIPAA. The error can be easily avoided by checking the patient’s preferred contact method before attempting to communicate with him or her.
4. Don’t Settle for a One-Time Training Program
Formal training sessions are very valuable and can provide your staff with helpful information on HIPAA regulations. However, the lessons learned can quickly be forgotten in the course of a busy day. In addition to formal classes, offer ongoing, informal training and provide plenty of real-life examples.
Keeping up with HIPAA regulations isn’t easy and can be time-consuming. But if your staff members underestimate the importance of being HIPAA-compliant or don’t understand the rules, your hospital or clinic may suffer. Sharing the latest information on maintaining patient privacy with your colleagues and staff can help you avoid expensive errors and help your institution run more smoothly.
Concerned about escalating costs? Read our free eBook, Stop the Budget Bleed: How Private Practice Physicians Can Reduce Spend.