According to the U.S. Department of Justice (DOJ), there have been over 102,000 HIPAA-related complaints. Granted, some of these complaints are resolved with no consequences taken on behalf of the covered entity, but others result in costly fines or even criminal prosecution. If you run a healthcare practice, you should check the following to determine whether or not you are at risk.
How Are Digital Storage Devices Discarded?
Just because the device is password-protected doesn't necessarily mean its data is safe from prying eyes. Whether it's a desktop, laptop, tablet computer, USB flash drive, etc., old digital storage devices must be completely wiped of data before they are discarded. Only after the data has been completely purged can the device be recycled or discarded.
How Are Physical Files Discarded?
Tossing patient files and folders in the trash can is a serious mistake that could result in a HIPAA-related fine. Physical files such as these must be completely destroyed via shredding or burning. Purchasing a paper shredder should only run you about $20, which is a small price to pay for the peace of mind of knowing that your patients' data is safe.
Can Patients See Computer Screens?
Take a moment to walk through your healthcare practice and look at the computers. Are you able to see the monitors used by employees? If so, it's safe to assume that patients and other non-healthcare personnel can see them as well. Consider moving the computers and/or using privacy screens to prevent prying eyes.
Is Patient Data Encrypted?
While HIPAA doesn't necessarily state that healthcare providers must encrypt patient data, the Security Rule requires healthcare providers to “implement an addressable implementation specification if it is reasonable and appropriate to do so.” So in other words, encryption is required if it's reasonable and appropriate to encrypt. Whether the data is stored or being transmitted, it's always a good idea to use some form of encryption to protect against disclosure.
Do You Have a HIPAA Security Officer?
Healthcare practices can reduce their risk of HIPAA enforcement action by hiring a dedicated HIPAA security officer. This person or organization will perform an analysis of the practice's operations and the way in which patient data is used and stored. If any potential violations are discovered, you can fix them before they turn into a problem.