Medical Professionals: Avoid these Pitfalls to Ensure HIPAA Compliance
As a medical professional, you would probably rather spend your time working with patients than ensuring your compliance with data protection rules. There are many basic steps you can take to stay compliant, but since the Federal Government decided to take a proactive role in enforcing compliance, it is not as simple as it once was. Without due care, you may fall into one of the traps below.
Not Keeping Ahead of the Curve
Standards and requirements are under constant review, driven by changing technology and the need to keep pace with evolving compliance standards. If you do not review your procedures regularly against current legislation, and do not keep your employees up to date with their obligations, you could be falling foul of HIPAA.
Who Can Access The Data?
Standards slip when we do what is convenient and ignore what is legal. To cut corners and speed up the process, do you allow clinical staff access to patient records? If so, you could be breaking the law. Only those who need to know information about a patient should be permitted to interact with it. This excludes most clinical staff, who are in some cases given access to confidential data by busy employees.
The Water Cooler
Similarly, there have been cases of employees discussing confidential information within earshot of people who have no need or right to hear it. This can take the form of office gossip or the use of an inappropriate space (such as an open-plan office) to discuss sensitive information. Either way, it is a violation of the patient’s confidentiality and right to privacy over their personal data. Such information should be strictly “need to know”, and discussions should take place in appropriate places.
Failing To Appoint a Compliance Officer
Many do not realize that a medical practice is considered “non-compliant” if it fails to appoint a person to oversee security and privacy. These two titles can come under the remit of a single person. This person’s role is to ensure compliance and to oversee the development and maintenance of the relevant systems. Typically, the person appointed to this role is a Business Manager or equivalent.
Inadequate or No Encryption
It is inconceivable to us that an organization working with sensitive data might use inadequate encryption, or none at all, but there have been recorded cases. This is a serious violation of HIPAA and goes against every recommendation on data protection and patient confidentiality. Good encryption ensures maximum protection against potential hacks.