5 Ways to Minimize HIPAA Liabilities

July 12th, 2019 - BC Advantage
Categories:   Acupuncture|Alternative   Allergy|Immunology   Anesthesia|Pain Management   Behavioral Health|Psychiatry|Psychology   Billing   Cardiology|Vascular   Chiropractic   Dental   Dermatology|Plastic Surgery   Emergency Medicine   Endocrinology   ENT|Otolaryngology   Gastroenterology   Home Health|Hospice   Internal Medicine   Laboratory|Pathology   Interventional Radiology   Neurology|Neurosurgery   Obstetrics|Gynecology   Oncology|Hematology   Optometry   Oral and Maxillofacial Surgery   Orthopedics   Pediatrics   Physical Medicine|Physical Therapy   Podiatry   Primary Care|Family Care   Pulmonology   Radiology   Rheumatology   Skilled Nursing   Urology|Nephrology  
0 Votes - Sign in to vote or comment.

Last year was historic for HIPAA enforcement. The HHS Office of Civil Rights collected a record $23.5 million in settlements and judgments against providers guilty of HIPAA violations. To avoid becoming part of that unwanted statistic, it’s important to pay extra close attention to five key areas of HIPAA vulnerability.

Take Advantage of Refresher Training
The best way to protect against liabilities is to continually educate and train staff. A practice may feel confident that it understands HIPAA. But while close to 90 percent of doctors believe their practices are fully compliant, at least 75 percent of them still have rudimentary questions about HIPAA. That indicates that the vast majority of providers can benefit from a HIPAA compliance refresher course. Participants should include everyone from top administrators to community volunteers. Training everyone with access to PHI isn’t just a good idea; it’s the law.

Encrypt Data
Any lost, stolen, or hacked electronic device containing protected patient information can be an expensive liability. All electronic PHI should be securely encrypted. That includes data communicated via email, text messages, and smartphone messaging apps. Even though an app like the popular WhatsApp may boast that it offers encryption, it may still lack proper authentication controls. Before using any text messaging service to communicate patient information, make sure the practice has a signed HIPAA-compliant business associate agreement with the service provider.

Control Devices
Most healthcare employees understand that they should never share passwords or log-in information. But these credentials should never even be written down. Another way that HIPAA violations frequently occur is because a computer screen is left on where unauthorized persons can see it. Front office staff and nurses may step away from a computer to handle an emergency, leaving the screen temporarily visible or photographable. Physicians sometimes make the mistake of leaving a laptop open at home, where others – including family members or friends – can see patient information. Those are innocent mistakes, but are still liabilities.

Secure Online Portals and Safeguard Paper Records
Paper records continue to represent potential liability as long as they exist. They must be securely handled and archived until shredded. Practices that have not transitioned from paper documents such as invoices and monthly statements can avoid HIPAA liability – and the effort that paper documents require – by going digital. Electronic records are easier to manage, search, store, and protect. There are fully compliant platforms that can safeguard patient records while also giving patients easier 24/7 access. That reduces liability and front office calls from patients. Patients gain greater control over their care with more transparency. A patient portal can also enhance doctor/patient interaction and communication.

Beware Social Media
Most healthcare workers know not to post photos of patients online. But sometimes sharing photos that don’t include patients can still be a liability because confidential information is accidentally included. Criminals often blow up photos that include a work station or home office, for example, to focus in on relatively obscure and minor details. A piece of paper or file in the background may contain PHI. That’s why it’s good policy to be extra vigilant regarding tweets, Facebook posts, and pictures uploaded to sites like Instagram. When in doubt, don’t upload it, share it, or talk about it.

###

Questions, comments?

If you have questions or comments about this article please contact us.  Comments that provide additional related information may be added here by our Editors.


Latest articles:  (any category)

Medicare Updates -- SNF, Neurostimulators, Ambulance Fee Schedule and more (2022-10-20)
October 27th, 2022 - CMS - MLNConnects
Skilled Nursing Facility Provider Preview Reports: Review by November 14 - Help Your Patients Make Informed Health Care Decisions - Ambulance Fee Schedule: CY 2023 Ambulance Inflation Factor & Productivity Adjustment - Compliance - Implanted Spinal Neurostimulators: Document Medical Records - Claims, Pricers, & Codes...
2023 Evaluation & Management Updates Free Webinar
October 24th, 2022 - Aimee Wilcox
Congratulations on a successful 2021 implementation of the Evaluation and Management (E/M) changes! That was a big change, but now an even bigger change is headed your way for inpatient and all other E/M categories. How great is it that almost all of the E/M categories will now be scored based on medical decision making (MDM) or total provider time? Standardized scoring and one set of E/M guidelines has the potential of bringing about a change or improvement of provider fatigue due to over regulation and documentation burden.
Are Leading Queries Prohibited by Law or Lore?
October 13th, 2022 - Erica E. Remer
AHIMA released its CDI Practice Brief Monday. At Yom Kippur services, I found myself thinking about the question Dr. Ronald Hirsch posed to me the day before. My rabbi was talking in her sermon about the difference between halacha and minhag. Halacha is law; it is the prescriptions...
2023 ICD-10-CM Guideline Changes
October 13th, 2022 - Chris Woolstenhulme
View the ICD-10-CM Guideline Changes for 2023 Chapter 19 (Injury, poisoning, and certain other consequences of external causes [S00-T88])The guidelines clarify that coders do not need to see a change in the patient’s condition to assign an underdosing code. According to the updated guidelines, “Documentation that the patient is taking less ...
Z Codes: Understanding Palliative Care and Related Z Codes
October 11th, 2022 - Gloryanne Bryant
Palliative care is often considered to be hospice and comfort care. Palliative care is sometimes used interchangeably with “comfort care” and then again sometimes with “hospice care.”  But these terms do have slightly different meanings and sometimes the meaning varies depending on who is stating it. The National...
2023 ICD-10-CM Code Changes
October 6th, 2022 - Christine Woolstenhulme, CPC, CMRS, QCC, QMCS
In 2022 there were 159 new codes; the 2023 ICD-10-CM code update includes 1,176 new, 28 revised, and 287 deleted codes, a substantial change from last year. The 2023 ICD-10-CM codes are to be used for discharges from October 1, 2022 through September 30, 2023, and for patient encounters from ...
Yes, You Have What It Takes To Lead Your Practice And Your Profession
September 20th, 2022 - Kem Tolliver
If you’ve been in any healthcare role for more than two years, you’ve seen quite a bit of change. And guess what, it’s not over. We are living and working in uncertain times. This climate requires each of us to step outside of our comfort zones to lead exactly where we stand. It’s not required of one to have a “title” to lead. What is required, however, is a willingness to trust your instincts, look for answers and rely on your team.



Home About Contact Terms Privacy

innoviHealth® - 62 E 300 North, Spanish Fork, UT 84660 - Phone 801-770-4203 (9-5 Mountain)

Copyright © 2000-2022 innoviHealth Systems®, Inc. - CPT® copyright American Medical Association