Practices for Guarding Against HIPAA Breaches in Your Company

If your company is classified as a “covered entity” (most healthcare providers are covered entities) or a “business associate” of a covered entity, you are surely aware of the Health Insurance Portability and Accountability Act (HIPAA). HIPAA requires protection and confidential handling of individuals’ protected health information (or “PHI”). Healthcare organizations, and businesses that provide services to healthcare organizations and create, use, or disclose PHI, are required to safeguard it and to follow the various HIPAA rules – such as the privacy rule, the security rule, and the breach notification rule.

A HIPAA violation could leave an individual’s sensitive, personal health information (PHI) exposed to others, causing the individual harm. It could also result in an investigation by the government. As part of its investigation, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights could impose hefty fines and other civil penalties. Following a serious and intentional HIPAA violation, the Department of Justice may pursue criminal charges against the violator.

Given the serious consequences of a HIPAA violation, companies that handle health information, and companies that provide services to those companies, should make sure that their handling of PHI complies with the various HIPAA rules.

  • Install security — Computer files should be protected through passwords, encryption and other cybersecurity methods. Physical files containing PHI should be kept under lock and key, accessible only by designated, HIPAA-trained personnel.
  • Keep computer credentials individualized and confidential — A HIPAA violation may result from an unauthorized employee using another employee’s credentials to access PHI. Employees should have their own computer login information and accounts that provide access to the type of information pertinent to their job.
  • Communicate responsibly — An employee may violate HIPAA by discussing a person’s medical details in public or via text, email or phone. Communications should be sent through secure, approved channels.
  • Close or dispose of documents the right way — Tossing out or leaving out a piece of paper that includes a person’s PHI, or leaving a file up on a computer screen for everyone to see, can be considered a HIPAA violation. Establish a method for disposing of confidential documents that makes them unreadable, indecipherable and unable to be reconstructed, in accordance with HIPAA rules.
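The second practice above, individual accounts that expose only the information pertinent to each job, is easiest to see in code. The following is an added illustration written for this page, not code from the original post or from Hemmer DeFrank Wessels, PLLC. It keeps one account per person, maps each role to the PHI fields that role may read, and writes an audit entry for every access attempt, allowed or denied, so that an unauthorized lookup can later be traced to the account that made it. The patient records, user names and roles are constructed sample data.

```python
"""Role-scoped PHI access with a per-user audit trail (added example)."""
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Each role may read only the fields its job requires (the "minimum
# necessary" idea). Roles and fields here are constructed for illustration.
ROLE_FIELDS = {
    "physician": {"patient_id", "name", "diagnosis", "medications"},
    "billing": {"patient_id", "name", "insurance_id"},
    "front_desk": {"patient_id", "name"},
}


@dataclass
class AuditEntry:
    timestamp: str      # ISO 8601, UTC
    user: str           # the individual account, never a shared login
    record_id: str
    requested: tuple    # fields the caller asked for
    allowed: bool       # False means the request was refused


@dataclass
class PhiStore:
    records: dict                                   # record_id -> field dict
    users: dict                                     # user -> role
    audit_log: list = field(default_factory=list)

    def _log(self, user, record_id, requested, allowed):
        self.audit_log.append(AuditEntry(
            datetime.now(timezone.utc).isoformat(),
            user, record_id, tuple(requested), allowed))

    def access(self, user, record_id, requested):
        """Return only the requested fields the user's role permits.

        Any request touching a field outside the role, an unknown user,
        or an unknown record is refused in full and logged as denied.
        """
        role = self.users.get(user)
        if role is None:
            self._log(user, record_id, requested, False)
            raise PermissionError(f"unknown account {user!r}")
        over_reach = set(requested) - ROLE_FIELDS[role]
        if over_reach or record_id not in self.records:
            self._log(user, record_id, requested, False)
            raise PermissionError(
                f"{user!r} ({role}) may not read {sorted(over_reach)} "
                f"of record {record_id!r}")
        self._log(user, record_id, requested, True)
        rec = self.records[record_id]
        return {f: rec[f] for f in requested}


def denied_attempts(store, user):
    """Denied accesses by one account: the starting point of an investigation."""
    return [(e.record_id, e.requested) for e in store.audit_log
            if e.user == user and not e.allowed]


def build_sample_store():
    """Constructed sample data; nothing here is a real patient or employee."""
    records = {
        "P001": {"patient_id": "P001", "name": "Ada Sample",
                 "diagnosis": "example-diagnosis",
                 "medications": ["example-drug"],
                 "insurance_id": "INS-0001"},
    }
    users = {"dr_lee": "physician", "billing_kim": "billing",
             "desk_pat": "front_desk"}
    return PhiStore(records, users)


if __name__ == "__main__":
    store = build_sample_store()
    print(store.access("dr_lee", "P001", ["name", "diagnosis"]))
    try:
        store.access("billing_kim", "P001", ["name", "diagnosis"])
    except PermissionError as err:
        print("refused:", err)
    print("denied by billing_kim:", denied_attempts(store, "billing_kim"))
```

Because the refusal is logged under the individual account that made the request, a pattern of denied lookups against records outside someone's role stands out in the audit log, which is exactly the evidence a breach investigation needs.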

A HIPAA violation can be harmful to the violated individual as well as to the person or organization responsible for the violation. Our healthcare law attorneys work with covered entities to handle and help prevent violations of HIPAA. To schedule your free initial consultation to learn more about what the team at Hemmer DeFrank Wessels, PLLC can do, call [ln::phone] or contact us online. We represent businesses in Kentucky and Ohio.