Wednesday, June 7, 2017
Where Are All of These HIPAA Violations Coming From?
It seems like a pretty easy thing to avoid - HIPAA Violations. Don’t gossip about patients, show records or disclose private information to those who shouldn’t see them and make sure you have the proper set up on your home computer or phone if either are used to access medical records.
If it’s really this simple (with a few other guidelines), then why was there in excess of $22,855,300 paid out in fines for HIPAA violations last year alone, a number of which were over $1,000,000? Plus, this doesn’t include other remediation efforts for violations where it was determined a fine was not warranted. So what’s going on?
Avoiding HIPAA violations means commitment to a number of things to prevent breaches and ensure appropriate confidentiality. Of these, one of the most important boils down to training. Now that we have been held responsible for following HIPAA regulations and documenting appropriately, some organizations that have been doing this for four of five years may have become complacent in ensuring everyone in the organization knows what the need to in order to satisfy HIPAA regulations.
One of the most frequently cited HIPAA violation is the failure to train all individuals who have access to patient information. This includes — interns, volunteers, contractors and other employees. One problem is the failure to understand that all employees who can access medical information even when there is no plausible reason for them to do so must be fully trained on HIPAA compliance and avoiding breaches.
The best way to avoid a breach based on lack of training is the train everyone. It might seem inconvenient to train absolutely everyone with access to the ePHI in your company, but try to view it as an investment. The time you put in now will pay off big when the auditors come your way. Deciding your time frame for training lets you train in logical groups you choose to maintain the highest level of operation with the remaining employees.
Once you receive notification of an audit there is no time to do remedial work with every employee and stop gap measures are usually detectable during an audit. This also leaves staff feeling anxious about information they have barely had time to learn which can lead to mistakes. And where HIPAA compliance is concerned, mistakes can be costly.