As cautious as one may think they are, unfortunately, HIPAA violations are common. Even those who are trained and vigilant in their actions may have a misunderstanding about the protocol in specific situations. It is important for healthcare professionals to routinely review their training and to ask questions if they are unsure of whether something is legally acceptable. Intentional or not, HIPAA violations are serious and will result in unwanted consequences.
A common mistake amongst medical professionals is not understanding what falls under protected health information (PHI). Legally, PHI is defined as individually identifiable health information pertaining to the past, present, and future treatment and billing of the patient. An example of this would be presenting a medical case and accidentally mentioning the patient’s name. While minor, leaking the name of the patient could lead them to be identified by anyone at the presentation.
In the digital age, portable devices are commonly used in the medical field due to their convenience. However, misplacing a phone or tablet may lead to serious breaches of sensitive information.
It is important to ensure that your devices are up to date with the latest software and security updates. All digital data should be stored properly, encrypted, and password-protected, when possible, to ensure that information is not susceptible to cyber-attacks.
Even in a secure office setting, information needs to be properly stored each time it is accessed. If you leave a digital or physical file open on your desk, it could be seen by the wrong person.
It is not uncommon for individuals to use social media on their breaks. However, it is important that any images or text pertaining to a patient is not accidentally shared. Always be mindful of what you post.
When a patient’s medical records are no longer needed, an organization will need to dispose of them thoroughly. The issue with this is the records are vulnerable to a violation if not properly handled. All physical copies should be shredded and discarded according to the organization’s procedures.
Wrongfully releasing patient information is a direct violation of HIPAA regardless of if it was accidental or purposeful. This includes speaking to the press, sharing information with family members who were not specifically designated to receive it, or even accidentally mixing up patient results.
Regardless of how close you are to a colleague, or their relationship with the said patient, PHI is still legally confidential. PHI should not be discussed with medical professionals who are not providing care to the specified individual.
HIPAA should be explicitly covered for all employees working in a medical setting. This ensures that everyone is on the same page and thoroughly understands what is expected of them. Failure to properly and frequently train your employees can contribute to a HIPAA violation.
The HIPAA minimum necessary standard prohibits the sharing of more information than is needed for the completion of a task. For example, if a general practitioner is sending patient information to a podiatrist as a part of a referral, they must take care to only include information related to the injury being treated. Sending additional records pertaining to the patient’s mental health conditions could violate HIPAA. Essentially medical professionals should not share additional information than what the recipient would reasonably need.
If you have been unknowingly violating HIPAA, immediately contact your organization’s supervisor to file a report. Individuals should also seek representation from an attorney to ensure they are legally protected in the ongoing investigation process. While reporting yourself may be intimidating, it is important to take responsibility for any breaches. Being honest and cooperative will benefit all parties involved.
While the penalties vary, those who participated in a HIPAA violation by accident will typically receive a more lenient punishment. Due to their lack of intent, someone who unknowingly violates HIPAA will most likely receive a civil penalty as opposed to a criminal one. The individual or organization will be fined up to $50,000 on the offense. Again, each case varies depending on the severity of the incident, the frequency of violations and the intent behind the action.
If you engage in a HIPAA violation by accident, it is important to follow up with a legal professional as soon as possible. A HIPAA lawyer has direct experience in dealing with these incidents, and can advise you on the proper steps to take to avoid stricter penalties. They can also guide you through reporting another individual, or even reporting the organization for the lack of adequate training on proper protocols.
Fenton Jurkowitz Law Group takes pride in protecting members of the medical community. Our attorneys for HIPAA violations will work directly with you to understand the nuances of the situation and will craft an individualized approach to minimize the consequences. Call us today at (310) 444-5244 to speak with a HIPAA lawyer.