How to Avoid Violation of HIPAA Laws


Avoiding HIPAA violations has been a struggle for many healthcare organizations, and violations have cost organizations millions of dollars in fines. While there is no way to completely prevent HIPAA violations from occurring, healthcare organizations must take the necessary steps to prevent patient information from being disclosed without the patient's authorization.

What Is HIPAA and the Privacy Rule?

The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996. It became a more familiar term in the healthcare industry with the Privacy Rule, which took effect in 2001 (with compliance required of most covered entities by April 2003) and specifically addresses the protection of an individual's personal health information. Maintaining HIPAA compliance is important for the viability of your medical office.

Health plans, healthcare clearinghouses, and healthcare providers that transmit health information electronically are covered entities and are required by law to comply with HIPAA provisions or face civil and/or criminal penalties; the vendors and contractors that handle patient information on their behalf (business associates) are also directly liable. It is imperative that medical records remain confidential and cannot be accessed by people who do not have proper authorization. Disclosing a patient's protected health information (PHI) without the patient's authorization, outside the uses the rule permits (such as treatment, payment, and healthcare operations), is a violation of the Privacy Rule.

All healthcare providers have a responsibility to keep their staff trained and informed regarding HIPAA compliance. Whether intentional or accidental, unauthorized disclosure of PHI is considered a violation of HIPAA.

5 Steps to Avoid Violating HIPAA Laws

1. Be Cautious With Routine Conversation. Healthcare professionals should take the necessary steps to keep from disclosing information through routine conversation. Basic details can seem so insignificant that they are easily mentioned in passing, but they should be shared only on a need-to-know basis, consistent with the Privacy Rule's minimum necessary standard.

2. Don't Discuss Patients in Public Areas. Discussing patient information in waiting areas, hallways, or elevators should be strictly off-limits. Sensitive information can be overheard by visitors or other patients. Also, be sure to keep patient records out of areas that are accessible to the public.

  • Check-in desks and nurses' stations are out in the open where anyone can see protected health information. Position monitors away from public view, lock screens when unattended, and use privacy screens on displays that face patients or visitors.
  • Mount chart holders with the front panel covered so that patient names and details are not readable by anyone walking past.

3. Properly Dispose of Patient Information. PHI should never be disposed of in the trash can. Any document thrown in the trash can be retrieved by anyone, which makes it a breach of information. Paper PHI should be shredded, burned, or pulped so that it cannot be reconstructed. Electronic PHI is not removed by simply deleting files or reformatting a drive; the media must be sanitized by overwriting it, degaussing it, or physically destroying it (disintegrating, pulverizing, melting, incinerating, or shredding), in line with the NIST SP 800-88 media sanitization guidance that HHS points to. Choose a shredder or destruction service based on the volume and type of media your medical office handles.

4. Don't Gossip. Gossip is particularly hard to control, which is why access to information must be strictly limited to employees whose jobs require it. This type of violation can be particularly damaging to the reputation of your organization, especially in small communities where "everybody knows everybody." One of the most common violations involves staff members sharing information with their own family members and friends.

5. Do Not Disclose PHI Without Permission. Selling patient lists or disclosing PHI to third parties for marketing purposes is strictly prohibited without prior authorization from the patient. Remember that patient information should be accessed only for treatment, payment, and healthcare operations, and only to the extent a person's role requires.
