These days, it is rather simple for people to steal information from one another. From debit card pin numbers, to full identities, nothing feels safe. Sadly the same is true of the Health Insurance Portability and Accountability Act, or HIPAA. Practices of all shapes and sizes struggle regularly to keep up with the multitude of rules and regulations that have been heaped upon them since HIPAA was first formed. Practitioners have put a lot of time and money into trying to avoid any type of error by using a hipaa compliance checklist. The mistake that the usually make, is that they focus on the obvious potential violations. More often than not, the compliance violations stem from the simple things that get overlooked, or a careless error on the part of a practitioner. This ends up costing the practice considerable fines and violations. HIPAA violations are discovered everyday, but that doesn’t need to be the case. Here is a list of the most common HIPAA violations, and what you can do to prevent them from happening at your practice.
Failure to Adhere to the Authorization Expiration Date
If an expiration date is set by a patient, confidential records cannot be released after that date. Most “Practice Management Systems” provide the opportunity for locks or alerts when the expiration date has passed. Simply turning this feature on may be a quick fix. You would have to check the business associate agreement to make sure you’re in compliance.
Failure to Promptly Release Information to Patients
A patient has the right to receive electronic copies of their medical records whenever they’d like them. If for any reason this right is denied them, it is a direct violation of HIPAA.
Improper Disposal of Patient Records
Patient records must be shredded before disposal. If the patient’s records are electronic, they must be wiped from any systems that may have contained it. A case of carelessness can result in a major HIPAA violation. Using risk assessment software can help with this.
Missing Patient Signature
HIPAA forms must include a valid patient signature. If these forms are set up electronically, which many Practice Management Systems allow, signature fields must be entered before the form is accepted by the system. A small oversight that could be easily avoided by just double checking the appropriate fields.
Unauthorized Health Information Being Released
A patient has the right to release only parts of their medical records if they choose. Any part of the medical record that has not been authorized by the patient cannot be released.
Releasing the Incorrect Patient’s Information
The Practice Management System must have options in place to avoid releasing information for the wrong patient. This often occurs when patients have similar names.
Unprotected Storage of Private Health Information
Private patient information cannot be stored on unprotected devices such as smartphones, laptops, tablets or any other unprotected mobile or portable devices. Many systems today include alerts, reminders and automated procedures to cure these before they become a violation. However, if one of these devices is stolen, and there is no passcode set, the information could be easily accessible.
If you are a partner in a medical practice, be sure that policies and procedures are in place to catch potential HIPAA violations. No system is perfect, but the standards of compliance are based on best efforts. Human error is certainly a consideration, but it is important that every measure be taken to avoid violations. If you have any questions about HIPAA violations, please contact hipaa compliance software company for more information.