HIPAA 2019 - 10 most common HIPAA violations

10 most common HIPAA violations

  1. Failure to adhere to the authorization expiration date. If an expiration date is set by the patient, confidential records cannot be released after that date. Most Practice Management Systems (PMS) provide for locks or alerts when the expiry date has passed; just turning that feature on may be a quick fix.
  2. Failure to promptly release information to patients. A patient has the right to receive electronic copies of medical records on demand.
  3. Improper disposal of patient records. Patient records must be shredded before disposal, and electronic records must be wiped from any systems that may have contained them.
  4. Insider snooping. No one, including family members and co-workers, can access a patient’s medical records without proper authorization. Password protection, tracking systems and clearance levels must be utilized to prevent unauthorized access. Even basic network setups provide many of these safeguards if they’re set up properly.
  5. Missing patient signature. HIPAA forms must include the patient’s signature to be valid. If you set these forms up electronically, which many PMSs allow you to do, then these fields can be required before the form is accepted by the system.
  6. Releasing information to an undesignated party. Only the person(s) listed on the authorization form may receive patient information.
  7. Releasing unauthorized health information. A patient has the right to release only part(s) of their medical record. Any part of the medical record that has not been authorized by the patient cannot be released.
  8. Releasing the wrong patient’s information. Controls must be in place to avoid releasing information for the wrong patient. This often occurs when patients have the same or similar name.
  9. Right to revoke clause. All forms signed by the patient must include a Right to Revoke clause or the form is invalid.
  10. Unprotected storage of private health information. Private patient information cannot be stored on unprotected devices such as smartphones, laptops, thumb drives or any other unprotected mobile or portable device.