February 28, 2019

What is a HIPAA Violation? 26 HIPAA Violation Examples and How to Avoid Them

The Health Insurance Portability and Accountability Act protects patients' privacy, prevents fraud and protects personal health information. Compliance is critical for behavioral health facilities.

A single HIPAA violation can result in a fine of up to $50,000 to the provider and a potential loss of license. So, it goes without saying that it's incredibly important to avoid them. What is a HIPAA violation? It's a failure to comply with "any aspect of HIPAA standards," according to HIPAA Journal. It's when there's a breach of HIPAA protected health information, also known as PHI. Some of the most common types of protected health information for patients include names, social security numbers, dates of birth, addresses, email addresses, and phone numbers.

Now that you know what a HIPAA violation is, we're going to give you 26 examples so you can avoid making these mistakes.

EXAMPLES OF HIPAA VIOLATIONS

1. Employees Divulging Patient Information

Patient information needs to be kept private. Employees talking about patients to coworkers or friends is a HIPAA violation that can land you in a world of hurt. Employees can't share patient information with friends, family members, third-party vendors or organizations . Also, employees should only discuss patient information in private places and only with other medical personnel. There's no reason to share such information with anyone else.

2. Medical Records Falling into the Wrong Hands

Mishandling patient records is one of the most common HIPAA violations. This frequently occurs when a clinic uses paper records or charts. This can result in the clinician accidentally leaving the record in the patient's room, resulting in another patient seeing it. Patient records should always be kept in a locked space so they can't be stumbled upon by others.

3. Stolen Items

If an item containing PHI, such as a laptop or smartphone, is lost or stolen, that's also considered a HIPAA violation and can result in a hefty fine. To safeguard against this, any device containing PHI should be password protected. Be sure to lock down any device with PHI once you're done using it. A password doesn't do any good if the laptop is left open and logged in while you go do something else.

4. Lack of Proper Training

One of the best ways to avoid a HIPAA violation is to train your employees with the proper policy. You need to establish policies that ensure patients' information is protected and kept confidential at all times. Employees who are properly trained on how to avoid HIPAA violations are much less likely to make such mistakes.

However, mistakes will be made. When such a breach occurs, you need to have a plan on how to appropriately handle it. Trainings should be held regularly to make sure all employees, old and new, are well aware of your policy. Training all new employees on your policy and hold quarterly trainings to keep it fresh in all employees' minds.

5. Texting Private Information

While texting patient information may seem fast and effective, it also gives hackers the ability to get their information. You can't put a patient's name or information in a text. If you do and you're caught, it can be a 5k fine per violation per text. And legally, you're required to report those violations. There are programs that encrypt the information which allow it to be texted without concern. But the problem here is that it needs to be installed on the wireless device of both parties, and it rarely is.

A good electronic medical record (EMR) software will provide ways for clinicians to transfer such information efficiently and in accordance of HIPAA. Check with your EMR provider to see what can be done to make your communications compliant. If you're looking for a new EMR, we'll give you a free demo here. You can also learn more about the features of our EMR here.

6. Passing Patient Information Through Skype or Zoom.

Texting isn't the only common kind of communication that's a HIPAA violation. Skype is another way clinic employees frequently communicate about patients, but the same problems apply. Hackers can easily obtain that information. This is part of why it's so important to have a good EHR. If you're looking for a new EHR software, you learn what to look for here.

7. Discussing Information Over the Phone

Another potential HIPAA violation that's easily overlooked is discussing information over the phone. But it's vital. When you're discussing a patient's information on the phone, you need to be in a private place where others can't hear you. Talking about a patient in a public area where others can hear you is a HIPAA violation.

8. Posting on Social Media

You absolutely can not post photos of your patients on social media. It's a definite HIPAA violation even if no names or information is posted. People can easily identify the patient and the doctor, which can reveal unwanted information about their health. This should definitely be taught in policy training. No matter how harmless the intent, this can result in huge fines and is very easy to prove.

9. Employees Accessing Patient Files and Charts Without Authorization

This is a very common HIPAA violation and frankly, it doesn't matter the cause. Employees can only access patient information when they've been authorized to do so. It's illegal to do so even if it's purely out of curiosity or to help a friend.

10. Using PHI for Personal Gain

This should go without saying that using or selling PHI for personal gain is illegal. In addition to a large fine, it can also result in prison time. Again, make sure this is taught in your training to new employees and quarterly trainings.

11. Written Consent

Before PHI can ever be disclosed for purposes other than treatment, payment, or healthcare operations, you must get written consent. If you or one of your employees aren't sure, it's always best to err on the side of caution and get written consent.

12. Home Computers

It's not uncommon for doctors and nurses to use their own computers to access patient information after hours for notes. In itself, this isn't a HIPAA violation, but it can very easily turn into one if the screen is left on and a family member sees the patient's information. As we mentioned before, laptops, computers, and smartphones should always be powered down and password protected when you aren't using them. Again, make sure this is taught in your policy trainings.

13. Inquiries in Social Settings

It's very common for people to approach clinicians in a social situation asking about someone they know who is a patient. When you think about it, it makes perfect sense. Patients, their friends and family members have no reason to know HIPAA law. But that doesn't make revealing PHI in these settings HIPAA compliant. The best way to avoid this is by having a planned response for these types of situations that doesn't involve any personal information.

14. Poor Reporting Timing

No matter how well-trained or experienced a healthcare provider is, they can still have HIPAA violations from time to time. What's crucial is to make sure the issue is responded to and resolved as quickly as possible.

HHS requires notification with extensive documentation within 10 days of the data breach with a minimum of 15 detailed components that relate to the entity's internal investigation.

15. Releasing Records After Authorization Date

Patients have the ability to set an expiration for their authorization. Releasing confidential patient records after the date they set is a HIPAA violation. It's important to pay attention to the details.

16. Missing Patient Signature

Patients can often miss a signature when filling out HIPAA forms. However, if the forms aren't signed, they're invalid. And if they're invalid, releasing information is a HIPAA violation. The solution to this is simple and obvious. Make sure all HIPAA forms are signed.

17. Providing Security With Too Much Information

Security personnel in health clinics need to know the name and room number of patients so they can guide friends and family members to their rooms. That information is compliant. However, they don't need any information like treatment or diagnosis.

18. Nurses "Need to Know"

Nurses need access to private information for the patients he/she is responsible for in his/her unit. But giving a nurse PHI to patients in another nurse's unit is a violation of HIPAA. There's no need for them to have access to information for patients they aren't responsible for.

19. Regulations for "Minimum Necessary"

Health insurance companies typically need to know how many visits a patient has had to the clinic but nothing beyond that. They aren't allowed to see the patient's entire history. This can be easy to overlook as you already have to give the health insurance company some information about the patient and it may seem necessary to give more. But don't.

20. Sending Private Information Via Email

Another common HIPAA violation is sending PHI in an email. This is for the same reasons as the other communication issues we discussed. For those of us that aren't internet hackers, it might seem harmless. But hackers are able to easily access your email, making a patient's information vulnerable.

21. Media Interviews of Patients

From time to time, a member of the media may want to interview a patient for a story. This happens less frequently, but you can't allow the media to interview substance abuse patients. Doing so is a HIPAA violation. The reason is that it violates their privacy. Even if a patient is okay with it, we'd still recommend staying away from the idea completely.

22. Releasing Information Without Consent

This may seem obvious, nevertheless it happens. Releasing information about minors without parental consent is a HIPAA violation. Not only that, but it can cause issues with the parents or guardians and even result in a law suit.

23. Releasing The Wrong Patient's Information

This is where you have to be extra careful. Anybody can make a mistake, but that doesn't make it legal. If you or one of your coworkers releases information to the wrong patient, it's a HIPAA violation. This tends to happen when you have patients with the same or similar names. Make sure you train your staff to double check what information they're releasing.

24. Right to Revoke Clause

Any and every form your patients sign need to have a "right to revoke" clause. If they don't, they're not valid. And if they're invalid, any information you release to a third party organization violates HIPAA.

25. Releasing Information to an Undesignated Party

You're only allowed to give patient information to the exact person authorized on the form. Releasing it to anyone else violates HIPAA regulations.

26. Disposal of Records

When you dispose of a patient's information, it has to be unrecognizable. Shredding is a great way to dispose of paper records.

How to Avoid HIPAA Violations

To conclude, HIPAA violations carry hefty fines and consequences. In order to avoid HIPAA violations, hold regular trainings on your policies and procedures, double check who you divulge information to, and password protect everything. As you can see, there are so many ways to violate HIPAA. Make sure you and your coworkers don't discuss patient information in a way that others could hear or obtain it.

Lastly, and maybe most importantly, get an EMR software that makes communication easier. If your current EMR does that, make sure your staff is trained on using it in accordance with HIPAA. If it doesn't, we would strongly consider getting an EMR that does.

Compliance is important. Learn more about how Alleva's EMR can help to streamline your workflow, save your staff time, and prevent burnout.

Featured Image

February 14, 2019

How to Choose a Behavioral Health EHR: 10 Things You Need to Consider

1. Identify your goals

It is so important to understand your business goals when looking for a behavioral health EHR. What are your overarching goals for your business and where are you going?  Are you trying to cut costs, grow revenue, expand locations, beds, occupancy or census? Are you trying to better retain staff? Do you have clinical goals that require better oversight or more time to accomplish - more efficiency, or better connection with patients? Identifying your goals, whatever they may be, is hypercritical to knowing what you want.  Pain is just as important which is the next step.

2. Identify your need: Why do you need a behavioral health EHR?

 It is critical to understand your motivations for needing a behavioral health EHR.  What is your challenge with your current software? What are general pains with your business?  Are you losing insurance dollars because of audits or record requests with missing documentation?  Are you struggling with licensing or other concerns? Is there a lack of oversight because you are on paper or a weak system with little reporting or business intelligence tools to get what you need? Is there a department that is inefficient?  Are you on a system but certain aspects of your business are still being done on paper?

3. Evaluate your current Process: What's working today that you wouldn't want to lose?

Is there anything your current vendor is doing right that you would be loath to lose? It is important to establish what is working and make sure you are not taking one step forward and two steps backward.

4. Assign priority

Try to list your pains with your current behavioral health EHR in order of biggest to least. Also, list the things you want to keep in order of importance. This will help you identify the best fitting EHR by how much value it will give you.

5. The Net

Your mental health EHR search needs to be done thoroughly.  Make sure you gather a minimum of two EHR providers to go through. Having three or four would be ideal.  Do an initial demo with each, keeping the demos to 30 minutes or less to narrow down to your top one or two.  

6. Due diligence: Getting References on the Behavioral Health EHR Provider

Make sure you speak to references.  This is an important step many people miss when selecting a behavioral health EHR.  Whether they blindly sign up with a company or whether they discount that company because another competing company discouraged them from continuing to talk with them, make sure you do your due diligence and speak with people that are actually using the software every single day. You should also check their reviews on sites like Capterra and G2Crowd. Look at how many reviews they have and if the majority are good or bad.

7. The Behavioral Health EHR Demo

 Make sure you have in mind some key areas you are looking to improve and have those outlined before the demo to help the presenter know what to focus on.  Your time is precious and it should be focused on the things that will bring you maximum value and enable you to maximize your results with your new software.  This will also help your behavioral health software provider to know the important things they need to be working on and where their customers are looking for help.

8. Your Current Contract

Some contracts have notice clauses that require one to give a certain amount of notice before you may cancel.  This is important to know when thinking about your timeline to transition. Timing your notice with your implementation is key so that you are not paying for two systems longer than you need to.  If your clause is 60 days or less, there isn’t much to worry about. Your new provider can advise you on when the best time will be to give notice. If it is longer than 60 days, you may want to consider giving notice even before you select a new partner.

9. A Good Fit

The partner you choose needs to be a good fit technically, but what about culturally?  Some partners might be more online-tutorial based, some may be support-center based, and others may be account management based.  It’s important to identify what is important to you and what is included. Also, where is the company headed? Most software today is cloud-based and delivered as a service (SAAS). What does their roadmap look like for the next year? How often do they do releases into their product? How are those communicated? How many engineers do they have on their team? Are they full time or part time contractors? Are they based in the US or overseas? This is important to know based on your past experience and deciding on the right fit for your business.

10. Cost vs. Value: What's the value of each option?

 Listing the choices in order, regardless of price, is a great way to help yourself determine what you really want.  Next, you'll want to assign a price to each option. If the price of the first one is worth the value it brings, then your decision was just made for you.  If there is a discrepancy, then you need to think a little harder. One suggestion that is worth trying is calling that number one option and telling them they are the number one option but that their price seems to still be a barrier.  Maybe they can be flexible. Sometimes they can and other times they can’t. It will depend on the situation. If option one cannot make it work, repeating these steps for option two and so forth will help you get the best possible solution for your needs and budget.

Choose a Behavioral Health EHR that best fits your needs

When you're looking for a behavioral health EHR, you should first identify your goals and needs. It doesn't matter how great a mental health EHR software is if it doesn't do what you need it to. Once you've established this, look at your current process and find an EHR that keeps what's currently working for you.

Next, assign priority to the pains and items you want to keep in order of importance. Then make a list of potential EHR vendors and get references on them. The best way to conduct an EHR search is to make it thorough. Then, get a demo! Most, if not all, EHR vendors provide a free demo. If they don't, you probably shouldn't consider that vendor. You can schedule a no-hassel demo with us here.

Check your current contract to ensure it doesn't have any clauses preventing you from leaving without sufficient notice. If you're able to leave your current contract, don't do so until you know the new vendor is a good fit technically and culturally. If it is going to save you time and give you peace of mind, it will be worth the switch.

June 29, 2017

Incarceration vs. Rehabilitation

Incarceration vs RehabilitationIncarceration vs rehabilitation methods have been hotly debated over the years and recent research has emerged that has greatly improved practices and progress in treating addiction as a health issue.  However, some practices are in direct conflict with what others consider proper care.

With rising opioid use across the country, there are those who would argue that in-jail treatment offers the best solution.

Inimai Chettiar and Grainne Dunne of the NYU School of Law responded to the incarceration vs rehabilitation argument, stating “We should certainly improve treatment in jails. But by focusing on building drug treatment infrastructure inside the criminal justice system, we further institutionalize its placement there. This reinforces the belief that people battling addiction deserve punishment — undoing years of progress to understand addiction as a health issue.”

Even improving treatment within the justice system could not be enough to rehabilitate those struggling with addiction.  The consequences, stigmas, and stereotypes that accompany someone who has gone through the justice system are often too difficult to overcome and while they may receive some medical or therapeutic treatment, rehabilitation includes being accepted back into society and that often cannot occur.

Treatment should be given in the appropriate environment, facilities that are designed for rehabilitation, not punishment.

In the rehabilitation vs incarceration debate, what do you support? Comment below.

June 20, 2017

Anti-Drug Laws

The number of laws in place to discourage illicit drug abuse have only increased with time. However, despite the array of anti-drug laws put in place for its prevention, Illicit drug use in the United States has been increasing rather than decreasing
The expected decrease in drug abuse associated with the creation of more laws and anti-drug related institutions has not proven to be certain. In reality, drug abuse has continued to increase despite the implementation of these new systems. This is not to suggest that the establishment of institutions in any way causing an increase in drug abuse; rather that it has been unsuccessful in achieving its primary purpose of diminishing such abuse.
Never has the attempt to stop the consumption of illegal substances been made more official as during the prohibition. Although the prohibited substance in that time was alcohol rather than opiates and narcotics like we see modernly, the lesson learned is entirely applicable. The institutional opposition was so official that it was even included as an amendment in the constitution, which is more powerful and binding than any law. Even with the political strength that uniquely the constitution can bring, the best estimates are that the consumption of alcohol only declined by thirty to fifty percent during the prohibition.
Half, and potentially seventy percent of the designed sobriety was unsuccessful even when backed by arguably the most powerful political document in this nation. However, this bleak statistic does not suggest that the problem is unconquerable. Rather, it suggests that fifty to seventy percent of progress towards a drug-free society will not be achieved by the creation and enforcement of anti-drug laws.
 

June 19, 2017

Recovery Reinvented

The Governor and First Lady of North Dakota have announced that on September 26th 2017 there will be a day of “facilitated conversations” about addiction recovery. The event, Recovery Reinvented, will be a conference centered on teaching people that addiction is a chronic disease that is treatable.

They plan on bringing together state and national experts in recovery to share innovative practices that will directly help people take action against their addictions. It is going to be a very personable and applicable event, North Dakota’s First Lady Kathryn Helgaas Burgum even plans on sharing her experiences as a recovered alcoholic to help others that are similarly struggling. This event should have a very positive effect on increasing awareness and helping improve the national addiction epidemic within their state.

It is great to see that North Dakota is taking action against addiction especially keeping in mind that they have a relatively less severe problem with drug addiction. Hopefully other states will follow their example, and work towards raising awareness and providing solutions within their own spheres of influence.

June 13, 2017

Who Suffers From PTSD?

Who suffers from PTSD?

Often when we think of Post-Traumatic Stress Disorder, the first image that comes to mind is a veteran haunted by nightmares of painful memories that he or she experienced in their service on the battlefield. This image is not mistaken: many veterans suffer from the effects of PTSD after their return to normal life.

However, PTSD is not a veteran-exclusive ailment. It is a psychiatric disorder that can occur after any traumatic experience. War is obviously filled with a lot of trauma; hence many who experienced the horrors of war will experience the effects of PTSD. However, it can also follow other painful experiences like natural disasters, serious accidents, sexual or physical assault, severe illness, or even witnessing another person experience these traumatic situations.

Everybody will experience something painful in their life, however, the majority of people will recover and be able to move on within a few weeks or months following the episode. Unfortunately, many will develop PTSD and will subsequently be harrowed by the memory of this painful experience.

 

Just like any other disease, physical or mental in nature, the effects of PTSD are very real and painful. Whether experienced because of a traumatic experience in war, or in civilian life, its effects truly hinder the individual’s ability to function. However, just like any other disease, there are professionals who know of remedies and cures to tame and eventually conquer its effects.

If you're a clinician looking to help people with this affliction, our mental health EMR can help. You can see the benefits and features of our software here. Or fill out the form below to schedule a demo. 

[wpforms id="79"]

June 12, 2017

Everything You Know About Recovery is Wrong

Innovators, like Johann Hari, help us understand better those who struggle with addiction and helps us challenge our preconceived ideas on the criminalization of drug use. He helps us ask the hard questions. What is addiction? How does addiction happen? How can we help those who struggle from addiction to achieve recovery? And he gives us surprising solutions as he makes striking statements like, "the opposite of addiction is connection".

 

June 9, 2017

Drug Use Statistics by State

The term "opioid epidemic” is in the news almost hourly. We hear tragic stories of lives destroyed by addiction. Some states are notorious for a specific type of drug use- think Montana with meth, or California with cocaine. But a recent WalletHub report published the drug use statistics on every state, ranked by “overall drug problem”, drug use and addiction, law enforcement and drug health issues and rehab. 

Where does your state rank? The answers may surprise you. 

Source: WalletHub

Here are the top 10 states in terms of the overall drug problem:

  1. District of Columbia
  2. Vermont
  3. Colorado
  4. Delaware
  5. Rhode Island
  6. Oregon
  7. Connecticut
  8. Arizona
  9. Massachusetts
  10. Michigan

Colorado also ranked #1 in teen AND adult drug users, while Alabama made a name for themselves as having the most opioid prescriptions per 100 citizens. West Virginia has the most overdose deaths per capita, and South Dakota has the most drug arrests per capita.

 

If you were surprised (like we were!), there's more to learn and more to do.

June 8, 2017

We’re Official! The Best EMR Goes Live

Our one-of-a-kind EMR software is taking off and we couldn’t be more excited to share the news. Our super-cool first press release was published earlier this week.  “We knew we could make a difference in the realm of addiction recovery simply by improving communication between therapists, clients and families,” said co-founder Matt Stevens when interviewed for the press release.

Our HIPAA-compliant secure video conferencing, treatment plans, client app, and other unique features make our EMR the best on the market.

We want to thank our team members in our San Clemente and Provo offices for their hard work, creativity, and stunning good looks. We also want to thank our beta customers: Acqua Recovery, Miramar Recovery Center and Solara Mental Health for jumping on board and letting us be part of their teams.

We’re excited to see what’s next!

June 6, 2017

Sobriety: More Than Just Willpower

Man Takes Field Sobriety Test

Addiction has long been characterized by researchers and observers as a result of a lack of willpower.  Many assumed that those who struggled to achieve sobriety just had a weakness and so it was necessary to remove temptation.

A recent study found that just the opposite is true.  A study of 69 participants in recovery over the span of three years found that most identify as being strong-willed and yet they still have addictions to various substances.  This suggests that addiction is less cognitive and therefore requires prevention strategies that are not focused on cognitive processes.

Those who participated in strategies rather than sheer willpower had more success in staying sober and in progressing in their recovery. 

This is not to say that willpower in sobriety is irrelevant.  The researchers explain, “It probably takes willpower to deploy strategies at all. Because willpower is likely fragile...such a use of willpower is successful because it need not continue; the person who effortfully deploys the strategy of blocking out the sales pitch of the dealer with headphones doesn't need willpower to resist that pitch. Willpower is best used strategically, and the participants mention several strategies for doing so. They ‘pick their battles’.”

Treatment can teach those in recovery how to harness willpower and deploy strategies to lead to a more effective and long-lasting recovery. You can learn more about which drug addiction treatment is best here. 

Newer PostsOlder Posts ›
Alleva-FullColor-Logo-Footer
NATSAP-Logo-New
NAATP-Logo-Footer

Copyright 2019 - Alleva Corp. All Rights Reserved.

Copyright 2019 - Alleva Corp. All Rights Reserved.

Copyright 2019 - Alleva Corp. All Rights Reserved.