5 ways doctors violate HIPAA regulations without knowing it
In the age of laptops, smart phones, social media, and text messaging, stringency around patient privacy must be a constant consideration for physicians. Here are the top five ways doctors violate HIPAA regulations without knowing it and steps they can take to decrease the occurrence of a HIPAA violation.
#1: Texting patient information – We live in an era of texting and physicians are no exception. Patient information such as test results or vital signs and symptoms are often communicated over text. Texting often results in quicker delivery of patient care – which seems harmless, but it means that the patient’s health care information now exists in cyberland and hackers may access this information. New encrypted programs have come out that allow confidential information to be safely texted, however all parties must have the system on their phones, and use it. This is an expense that many hospitals are reluctant to take on.
#2: Breaches in social situations – Accidental confidentiality breaches are especially common for physicians in small towns where everybody knows everybody. The average citizen is generally not aware of HIPAA laws and may make an innocent inquiry in social settings such as at church or community events. For example, “I saw Joan Smith in your office yesterday, I hope she’s not having problems with her heart again.” An innocent inquiry, though responding with any specific information is a violation. The physician’s best solution is to have a rehearsed comeback phrase prepared that they are comfortable with, such as, “I know Joan would appreciate seeing you, why don’t you give her a call or stop by for a visit.”
#3: Using home computers to access patient information – Most physicians have computers they use from home to access the hospital system and gather information about patients. If the computer screen is accidentally left open or if family members share the computer, it is a HIPAA violation. If a home computer is used to access the hospital system, it must be password protected with a code that only the physician knows. If the computer is a laptop, transport from home to office also poses a risk. Always transport laptops hidden out of sight, ideally locked away in the trunk, to decrease the risk of patient information being accessed and stolen.
#4: Mistakes in handling medical records – Printed medical records must be kept safe and strictly out of the public view – and that includes being locked away each night. The dynamic healthcare setting leaves many opportunities for accidental breaches. For example, a physician might leave a patient’s chart in their exam room, available for another patient to view. Electronic medical records solve this particular issue but they come with their own set of risks because hackers can find ways to hack into a system and steal patient information. It’s essential that facilities have protocols in place that diligently track the security of medical records at every step.
#5: Using social media – Social media is undeniably woven into the fabric of our daily lives, however it can cause problems for physicians who are charged with protecting their patients’ privacy and therefore must be avoided. Posting patient photos is a common violation. Even if the patient’s name is not shared, a Facebook or Twitter friend may recognize the patient and know the physician’s specialty and suddenly a patient’s privacy has been violated.
Bottom Line – Despite the best of intentions, inadvertent HIPAA violations happen and the consequences can be severe. The best solution for physicians is to always err on the side of safety. Get updated HIPAA training annually to stay aware of what exactly constitutes a violation – and it’s always a good idea to consult a risk management expert for recommendations on preventing HIPAA violations.
© 2016 Ultra Risk Advisors