There are dozens of ways that your office could be holding proverbial Mentos over a bottle of HIPAA Coke. The following common HIPAA violations were found on numerous HIPAA sites and serve as a warning for your practice. After all, taking time to address small things that could lead to a data breach before it happens can save your practice thousands in fines or lost patients.
Using a personal cell phone or laptop
Okay, we don’t mean you can never use your phone if you work in a dental office. However, you should make sure that you aren’t storing patient claims or data on your personal phone or laptop. A personal device is an easy way in for an attacker: it usually lacks the controls your office equipment has (full-disk encryption, a screen lock, managed updates, remote wipe), and phones and laptops are routinely lost or stolen. A lost or stolen device with unencrypted PHI on it can itself be a PHI breach.
Keeping patient data safe isn’t just for active practices
This one is rarer, but guidance published in 2018 made clear that PHI remains protected under HIPAA even when a dental practice is closing. For example, if someone improperly disposes of the PHI from a closed office, the office is still violating HIPAA and can still face fines, even after it has shuttered.
Missing the trash can
How you purge patient records is just as important as how you store them. An easy way to trigger a data breach, and therefore a HIPAA violation, is to let someone pull records out of your trash or recycling (a.k.a. data raccoons). If you throw out an old PC without having a professional wipe it, the files you “deleted” are easy to recover: deleting a file normally removes only the directory entry, and the data itself stays on the disk until it is overwritten. The same is true of external hard drives. All physical documents must be run through a cross-cut shredder before being disposed of.
Not using encryption
Files containing patient data should be encrypted, both where they sit (at rest) and while they move (in transit). There are dozens of products that can do this; pick one based on where the data is stored and where it is being sent. For example, one tool may encrypt the files on your desktop, while a different one is needed when you send a file by email. Encryption protects PHI at the points where it is most exposed, and if an encrypted laptop or drive goes missing, the data on it stays unreadable as long as the key was not stored alongside it.
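As an added illustration, and not code from the original article or from any product it describes, here is what file encryption at rest does underneath a tool like the ones above: a small Go program that encrypts a constructed sample record with AES-256-GCM, shows that the stored file no longer contains the readable record, and shows that decryption fails if the key is wrong or the file was tampered with. The record text, the key handling and the function names are assumptions made for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Constructed sample record for the example; not real patient data.
const samplePHI = "Patient: Jane Doe, DOB 1980-01-02, claim 0001, procedure D2740 (crown)"

// NewKey returns a fresh 256-bit AES key from the OS random source.
// In practice the key lives in a password manager, key vault or hardware
// token, never in the same folder (or on the same lost laptop) as the data.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// Encrypt seals plaintext with AES-256-GCM. The output is nonce || ciphertext || tag.
// GCM is authenticated encryption: the tag lets Decrypt detect any change to the blob.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	// A fresh random nonce per file. Never reuse a nonce under the same key,
	// and rotate the key long before 2^32 files have been encrypted with it.
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt opens a blob produced by Encrypt. It returns an error if the key is
// wrong or if even one bit of the blob was altered.
func Decrypt(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// Tamper flips one bit in a copy of the blob, simulating disk corruption or
// someone editing the stored file.
func Tamper(blob []byte) []byte {
	out := append([]byte(nil), blob...)
	out[len(out)-1] ^= 0x01
	return out
}

// LeaksPlaintext reports whether the record appears verbatim in the stored
// blob, i.e. whether someone reading the raw file would see it.
func LeaksPlaintext(blob, plaintext []byte) bool {
	return bytes.Contains(blob, plaintext)
}

func main() {
	key, err := NewKey()
	if err != nil {
		panic(err)
	}
	blob, err := Encrypt(key, []byte(samplePHI))
	if err != nil {
		panic(err)
	}
	fmt.Printf("record readable in stored file: %v\n", LeaksPlaintext(blob, []byte(samplePHI)))

	plain, err := Decrypt(key, blob)
	fmt.Printf("decrypt with the right key: %q err=%v\n", plain, err)

	_, err = Decrypt(key, Tamper(blob))
	fmt.Printf("decrypt after tampering: err=%v\n", err)

	otherKey, _ := NewKey()
	_, err = Decrypt(otherKey, blob)
	fmt.Printf("decrypt with the wrong key: err=%v\n", err)
}
```

The point for a practice is the last two cases: a thief who copies the file gets nothing without the key, and a file that has been altered refuses to decrypt rather than quietly yielding a corrupted record. That guarantee only holds if the key is kept separate from the data, which is why "encrypt the laptop" and "keep the recovery key with the laptop" is not a protection.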
Being a little too loud
HIPAA protection doesn’t apply just to stored data. Someone’s PHI can be exposed simply by staff discussing them within earshot of other patients. Make it a habit to have staff move to a designated area to discuss patient issues. Even a small slip-up can be reported as a HIPAA violation. Why tempt fate?