Many practices commit HIPAA violations every day but aren’t aware of their violations. Is your office guilty of committing these top 3 violations against your practice and patients?
1. Emailing Sans Encryption
Your practice likely sends and receives emails containing sensitive patient information each and every day. While you can’t control what you receive, you can control what you send.
Simply put, HIPAA regulations state that any email you send containing patient information must be protected with encryption. Think of encryption as the virtual armored vehicle carrying your message from Point A to Point B. If you choose to send emails unencrypted, and one falls into the wrong hands, it's go-time for data breach penalties and fines.
The fix: There’s no excuse not to use an encryption service since they are incredibly simple to use and inexpensive. If you need a suggestion, our Secure Practice Mail service exceeds HIPAA/HITECH compliance requirements and starts at $9.95 a month.
2. Can We See Your Password?
We get it – you have 371 passwords to remember quickly throughout the day. Please, whatever you do, resist falling victim to the ole password-sticky-note-under-the-keyboard trick! It completely undermines your practice’s privacy and protection.
The fix: Try an encrypted password management service. A service like this stores your passwords, fills them in automatically for your various logins, and can even generate strong passwords for you. All you have to do is remember ONE password. We recommend a paid (not free) account with LastPass. We aren't affiliated, but they offer a great product.
Bonus tips to live by in password land: Change your passwords quarterly, and require password changes whenever staff turnover occurs.
3. Patient Information At-a-Glance
If we can see any patient data while strolling through your office, you’re in violation. The idea is that anyone who walks through your office at any moment in time should not see sensitive information of any kind. Hallway charts, visible computer screens, and loose files must always be protected and covered.
- Minimize screens displaying information when they’re not in use.
- Configure your practice software to show minimal information on operatory and patient-facing monitors (for example, hide other patients' names).
- Ensure all workstations require unique passwords.
- Configure screens to go blank after a few minutes of inactivity and enable automatic locking which requires the password to log back in.
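The last two items on that list are easy to set once and then forget, so it helps to have a quick way to confirm they are still in place on every workstation. The script below is an added example, not something from the original post or from any product mentioned on this page; it reads the Windows screen-saver settings (the per-user values and, where an administrator has set them, the Group Policy values that override them) and reports anything that does not meet a chosen inactivity threshold. The 15-minute threshold is an assumption chosen for illustration, not a number taken from HIPAA.

```powershell
# Added example (not from the original post): audit a Windows workstation's
# screen-saver lock settings against an inactivity threshold.
# Assumptions: Windows 10/11, run in the logged-on user's session;
# the 15-minute threshold is a constructed value, not a HIPAA-mandated number.

$MaxIdleSeconds = 15 * 60

# Values set by Group Policy take precedence over the user's own settings,
# so check the policy location first and fall back to the user location.
$policyPath = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
$userPath   = 'HKCU:\Control Panel\Desktop'

function Get-DesktopSetting {
    param([string]$Name)
    foreach ($path in @($policyPath, $userPath)) {
        $item = Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { return [string]$item.$Name }
    }
    return $null
}

$active  = Get-DesktopSetting 'ScreenSaveActive'     # "1" when a screen saver is enabled
$secure  = Get-DesktopSetting 'ScreenSaverIsSecure'  # "1" when resuming requires a password
$timeout = Get-DesktopSetting 'ScreenSaveTimeOut'    # idle seconds before the screen saver starts

$findings = @()
if ($active -ne '1') {
    $findings += 'Screen saver is not enabled; the screen never blanks on its own.'
}
if ($secure -ne '1') {
    $findings += 'Resuming does not require a password; anyone can wake the workstation.'
}
if (-not $timeout -or [int]$timeout -gt $MaxIdleSeconds) {
    $findings += "Idle timeout is '$timeout' seconds; expected $MaxIdleSeconds or less."
}

if ($findings.Count -eq 0) {
    Write-Output "$env:COMPUTERNAME : screen lock settings meet the threshold."
} else {
    Write-Output "$env:COMPUTERNAME : screen lock settings need attention:"
    $findings | ForEach-Object { Write-Output "  - $_" }
}
```

On a workstation that fails the check, the durable fix is to set the three matching Group Policy settings (Enable screen saver, Password protect the screen saver, and Screen saver timeout, all under User Configuration > Administrative Templates > Control Panel > Personalization) rather than relying on each user's own settings, since a user can change those and the policy values will be reapplied at every logon.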
Remember, there’s never a bad time to examine or re-examine your practice standards. We are always available to help review and discuss how to help your office maintain excellent privacy policies, so get in touch anytime.
Posted in Tech News