HIPAA Compliance Training – The 5 Most Common HIPAA Violations Employers May Face

HIPAA Compliance Training

Important laws are in place to safeguard patient health information. The most well-known healthcare protection law is the Health Insurance Portability and Accountability Act (HIPAA). Without proper HIPAA compliance training, employers could face violations that damage their reputation and force them to pay significant fines, ranging from $100 to $1.5 million.

Under HIPAA, healthcare providers and most other employers are required to protect an employee’s personal health information and keep it confidential. HIPAA also sets conditions on how it is applied and which types of disclosure require patient authorization. Under HIPAA, patients have specific rights to access their health information and request copies of their medical records.

Here are the most common reasons HIPAA violations occur:

Lost or stolen devices. Theft of PHI (protected health information) through lost or stolen laptops, desktops, smartphones, and other devices that contain patient information can result in HIPAA fines. Mobile devices are the most vulnerable to theft, so be sure that they are password protected and encrypted when accessing healthcare information.

Poor handling of medical records. If a doctor’s office still uses written patient charts or records, a physician or nurse may accidentally leave a chart in the exam room, making it available for another patient to see. Printed medical records must be kept safe in a storage area, away from public view.

No authorization requirements. Written consent is required for any use or disclosure of an individual’s personal health information that is not for treatment, payment, or healthcare operations, or otherwise permitted by the Privacy Rule. If an employee is not sure, it is always best to get prior authorization before releasing any information.

Social media posts. People don’t realize that posting any healthcare information on social media is a HIPAA violation. Even if a name is not mentioned, someone may recognize the patient, which makes it a breach of their privacy. The use of social media to share patient information is definitely a violation of HIPAA law.

Lack of training. An employee who is not familiar with HIPAA regulations can be at risk for a violation. HIPAA compliance training is the easiest way to avoid a violation – it’s recommended that managers, administration, and medical staff receive HIPAA compliance training.

Employers should make the privacy and security of healthcare information a priority. Employers should also be aware that some HIPAA violations could be considered misconduct and could warrant a denial of unemployment benefits.

Be sure to update your HR materials, including employee manuals and other important notice documents. It’s also wise to run HIPAA compliance training on a yearly basis to prevent any employees from committing potential violations.

Third-party administrators like Industrial U.I. can help prevent paying unemployment benefits to those who are discharged for HIPAA violations. Contact us today to learn more about how we can help your company lower unemployment costs.