HIPAA Horror Stories

The “BIG 8” Common HIPAA Violations

one-minute read

This is our 36th installment of HIPAA Horror Stories. As of this moment, we seem to be living in a real Horror Story called “COVID-19.” That’s enough to frighten us all. So, this week, we thought it would be a good time to inject a little actionable information into our regular Horror Story post. After all, this week has been scary enough.

If you want to keep up with late breaking HIPAA changes under COVID-19 check out our HIPAA News page.

The BIG EIGHT are the most basic, and easy-to-avoid Health Insurance Portability and Accountability Act (HIPAA) violations.

We present The HIPAA E-Tool®‘s  EIGHT MOST COMMON HIPAA VIOLATIONS, compiled from news reports and Health and Human Services penalties and settlements.

1.  Disclosing patient information to an authorized party AFTER patient permission expires. Yes, a patient can put a time limit on the sharing of Private Health Information (PHI). Disclosing such information after the authorization expires is a violation of the Privacy Rule.

2. Allowing reporters and members of the media to interview patients in a clinical environment.

3. Granting access to multiple patients’ PHI when only one patient’s data is needed. Access to patient data is to be as narrow as possible. Blanket access is prohibited when only a specific record is needed.

4. Discussing patient health in an insecure environment. Beware of eavesdroppers – either inadvertent or malicious – who may learn the identity and medical details in an otherwise private conversation. This goes for phone calls, too.

5. Sharing information about people 17 years old and younger without a parent or guardian’s permission. HIPAA rules are very clear about the handling of minor children’s PHI.

The Most Common HIPAA Violations Involve Digital Data or Electronic Protected Health Information (ePHI).

6. Distributing patient health details by insecure email. The people at HHS are serious about encrypted email. You must also have a Business Associate Agreement with your email provider.

7. Failing to log out of your computer programs when you leave your workstation. There are plenty of examples of clinicians who have been sloppy with PHI. Remember that unattended computers, copiers, cell phones, and any other digital device can be an invitation to snoopers.

Avoid HIPAA Violations by limiting Access To Only The Most Necessary Data

8. Providing too much information to authorized parties. An orderly, for instance, must know where to take a patient for a procedure. She doesn’t need to know the results of the procedure. Sharing that information is an illegal, unauthorized disclosure.

If any of these common HIPAA violations seem a little too close to home, give us a call.

Photo by Ani Kolleshi on Unsplash

The HIPAA E-Tool® makes compliance fast and easy. Get your free HIPAA Quick Start kit, complete with a webcam privacy guard, HIPAA Hot Zone labels and a HIPAA checklist delivered directly to your office.

Don’t become a HIPAA Horror Story! HIPAA compliance is easy, when you know the rules.

Request A Demo

Copyright © 2020 The ET&C Group LLC.
The HIPAA E-Tool® is a registered trademark of The ET&C Group LLC

3534 Washington Avenue, Saint Louis, MO 63103
Terms of Service | Privacy Policy

Powered by JEMSU

You may have questions about COVID-19 and HIPAA. We have answers. 

We are open and answering questions about all the new modifications and waivers, coming from HHS, OCR, CMS, and the new CARES act.

If you need help with HIPAA during the COVID-19 pandemic, fill in the form, and we’ll get back to you.

Free hipaa kit!

hipaa compliance Quick start kit
Delivered free