According to Verizon’s Data Breach Investigations Report, employees caused 39% of healthcare breaches in 2021. This is in comparison to the 18% in other industries. The Health Insurance Portability and Accountability Act (HIPAA) is a topic we go over quite regularly in this series, but let’s quickly revisit what exactly it is.
In a nutshell, this standardized set of rules and regulations was created to help protect your health information under federal law.
Enacted in 1996, HIPAA has been in effect for more than 25 years now. With all of this time, you might think that the United States Department of Health and Human Services doesn’t see too many violations anymore. Well, you would be wrong.
Unfortunately, many HIPAA violations are the result of simple misunderstandings. Regardless, when misunderstandings go unchecked, significant harm may affect patients and employers alike. Here are 6 common violations that you should be on the lookout for.
1. Healthcare Record Snooping
Snooping through protected health information (PHI) is more common than many of us would like to believe. It consists of accessing patient health records for purposes other than those permitted by the HIPAA Privacy Rule, including looking through the records of family, friends, neighbors, and so on.
2. Failure to Perform Risk Analysis
A HIPAA violation that regularly results in a financial penalty is the failure to perform a risk analysis. If this is not done regularly, organizations will have a difficult time determining whether there are any vulnerabilities affecting the integrity and confidentiality of PHI. They may overlook threats, which leaves the door wide open for data breaches that are otherwise preventable.
3. Failure to Apply a Risk Management Process
Performing a risk analysis is one thing, but you can’t just check the box for your compliance team and leave it at that. Any risks identified through an analysis must run through what is called a risk management process. Organizations must also apply this process in a reasonable time frame to avoid a HIPAA violation.
4. Inappropriate Disclosures of PHI
This might seem obvious, but any disclosure of PHI that is not permitted under the HIPAA Privacy Rule is a direct violation. These slip-ups, whether intentional or not, often attract financial penalties. They include disclosures to a patient's employer for a purpose not intended by the Privacy Rule, disclosures following theft or loss of data, and careless handling of protected health information, such as disclosing more information than necessary.
5. Denying Patients Access to Health Records
Patients have the right to access their medical records and to obtain copies on request. Failing to provide records, overcharging for copies, or flat-out denying patients access to their records will land you in very hot water. The HIPAA Privacy Rule also requires the response time to be no more than 15 days from the date of the request.
6. Releasing PHI to an Unauthorized Individual
When disclosing PHI to a third party, a signed authorization form must be on file before anything is sent. The patient must fill out this form to authorize the sharing of any information that is not otherwise permitted under the HIPAA Privacy Rule.
Healthcare employees should never let their guard down when it comes to HIPAA policies and regulations. Making sure your staff completes annual HIPAA compliance training is the first step toward proactively avoiding violations.
► Reach out to Etactics @ [ Link ]