Common HIPAA Violations

    Before you start asking what HIPAA is, we’ll get that out of the way first. HIPAA is an acronym for the Health Insurance Portability and Accountability Act of 1996. This act was passed in order to protect the health insurance of an employee should they change, or lose, their job. It also includes provisions to ensure both confidentiality and privacy of health information deemed to be identifiable. Everybody has a different medical situation, and the purpose of this article is to give a brief overview of the most common violations of the HIPAA code of practice.

    Expiration Date Violation

    Patients have the right to set their own expiration date, and if confidential records are released after this date, it counts as a violation.

    Prompt Release Failure

    The rules laid down in HIPAA state that a patient can receive copies of their medical records on demand electronically. It’s a violation if their request is not adhered to.

    The Improper Disposal of Records

    There is one acceptable way of disposing of medical records: shredding. Any other disposal method is a direct violation of HIPAA’s guidelines.

    Unauthorized Access

    Should a family member, co-worker, etc. access somebody’s medical records without clear authorization from the person involved, it’s a violation. Such unauthorized access can be avoided with the use of tracking systems, clearance levels and password protection.

    Missing Signatures

    Should any HIPAA form be missing the signature of the patient, it is deemed to be invalid. Releasing any information relating to this form would therefore be a violation.

    The Release of Information to Any Undesignated Recipient

    Any patient information must be released only to the person whose name is on the authorization form. Whatever the circumstances, it’s a violation if it’s sent to anyone else.

    Releasing Information for the Wrong Patient

    Mistakes happen, but where patients’ information is concerned it’s a serious violation. Staff must be extra diligent, as very often there will be patients with the same, or very similar, name.

    Right to Revoke

    A right-to-revoke clause must be included in every piece of paperwork a patient signs. If there isn’t one, the form becomes invalid and any information released as a result of this form being submitted will be a violation.

    Inadequate Storage of Health Information

    Private health information must be kept under protected storage at all times. Imagine if a laptop was stolen and, simply by cracking the access code, the thief had access to hundreds of medical records. Any private information which is electronically stored must be kept on a secure device. Multiple passwords, file encryption, etc. will ensure protected storage.

    Example Scenarios of HIPAA Violations

    • Talking to family or friends about patients who are under your care in a hospital
    • Talking about private health information with colleagues when in a hospital’s public area including the lobby, cafeteria and elevator
    • Discussing any kind of private health information on a phone when in a public area
    • Failure to log off a computer after accessing private health or medical information
    • Sending an email containing confidential health information over the open Internet