Are your employees a threat to HIPAA compliancy?

by Yenny (SU)

According to the U.S. Department of Health and Human Services, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was a landmark piece of legislation issued to set national standards for the protection of specific health information. All healthcare entities that use, store, or maintain medical records, from hospitals to psychologists' offices, are required by law to be in complete compliance with these regulations.[1]

The reason HIPAA rules have become such a major topic is that their stipulations are designed to protect patient privacy. Medical facilities have access to highly sensitive information regarding their patients' welfare, conditions, and accidents. Under this law, patients can specify who may speak on their behalf (if anyone) and who may retrieve their personal medical information.

While it sounds like a wonderful idea in theory, HIPAA compliance isn't without its difficulties and caveats. When a breach of data occurs, it can cost employers significant penalties, including fines, lawsuits, criminal prosecution, and even termination of their business. The U.S. Department of Health and Human Services' Office for Civil Rights (OCR) is responsible for enforcing these privacy statutes.[2]

Many associate breaches with some sort of cyber-attack (which can happen), but hacking accounts for only 14.8% of all violations.[3] In reality, human error or malpractice is the cause of most compliance issues. According to a 2018 Protected Health Information Data Breach Report, 58% of incidents were the result of insider blunders, with one-third attributed to error and a whopping 29.5 percent related to misuse.[3] According to another study of medium-to-large healthcare organizations, the most common cause of violations reported by participants was "snooping" by workers.[2] And while there is certainly a stigma around snooping, it hasn't received as much attention in the news as it should. This is because the information of at least 500 patients must be compromised before a breach has to be reported.

So, what does this mean for employers who own a company in the medical field? If you fall into that category, you may be wondering what steps you can take to ensure the highest level of compliance. For starters, conduct a full risk analysis, which includes enabling or updating encryption and firewalls to protect electronic data.[4] While many companies have phased out paper files, they still exist in many offices; if misplaced or shuffled around, they can get a company into hot water. For this reason, ask your employees to double-check all filing work. When it's time to dispose of those files, remember to shred!

Technology has brought wonderful treasures to our fingertips; information that used to require a trip to the library is now in the palm of our hands. But with great power comes great responsibility. Ask your employees to abstain from using their personal social media accounts in the workplace. This will prevent mishaps and unwanted posts of privileged information.

If you didn't know already, hiring a company to help your workplace safeguard Protected Health Information (PHI) is an extremely beneficial practice. Companies such as Colington Consulting offer a full range of HIPAA compliance services to identify a company's susceptibility to breaches, as well as guidance on which training requirements are recommended. Their experts will ensure your entire workforce is prepared to protect charts, records, and any other information they're exposed to, and will warn them of the consequences of noncompliance. For more information about their services, call 800-733-6379.