Leaking information has caused plenty of public relations disasters and penalties since the Health Insurance Portability and Accountability Act (HIPAA) went into effect in 2003. The right steps can minimize these errors and easily save providers, companies, and other entities thousands or millions of dollars in damages. Here are some blunders that companies can learn from so they can avoid making the same huge mistakes.
In California, clinical laboratories are not subject to state disclosure laws when the laboratory is not directly affiliated with a HIPAA covered entity. Under HIPAA, however, a patient still has the right to receive the results in plain language when the test is ordered by the patient’s physician, as in this example.
HIPAA privacy protection laws do not override more restrictive state privacy laws. In order to ensure adequate privacy protection, covered entities must be aware of applicable state laws. In California and across the country, there will be different laws that apply.
Image via Flickr by jrcherry
A screen saver is an opportunity for a HIPAA blunder because, on many machines, anyone near the workstation can access any records on the system once the nurse or counselor leaves the area. Manually locking the system and requiring a password to unlock it solves this common problem.
Further issues exist with digital data. Law360 points to mobile devices and remote access as problems. However, in the words of William Maruca, encrypted data is the answer: “if all information is encrypted, then that’s the end of it – it’s not reportable.” Encryption and data wiping programs are strong defense mechanisms.
Any medical office, regardless of how small or large, is required by law to name a Privacy Officer. The position does not have to be a full-time job; the role can simply be assigned to an office manager. This is actually quite common in smaller organizations.
Image via Flickr by Elliott Brown
What will happen in emergencies and events of data loss or system errors? After all, the 2013 Texas HIPAA blunder that affected 227,000 patients is a stark reminder that data breaches can happen.
All HIPAA covered entities must have a contingency plan that encompasses a range of scenarios. It must also have an annual testing and revision process.
Some of the blunders in this area came to light only after HIPAA violations had already occurred. In that case, retraining is mandatory. HIPAA covered entities should also conduct periodic retraining sessions without waiting for a violation.
Penalties can be stark under HIPAA – even for small healthcare providers. Learn from others’ mistakes to keep data secure, and follow all privacy laws. Be proactive to avoid the disasters and penalties that come more often than necessary.