October 10, 2019

HIPAA: Dos and Don’ts

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is United States legislation whose Privacy and Security Rules set the requirements for safeguarding protected health information (PHI). HIPAA requires covered entities to train their workforce on those rules, so every employee needs to be on the same page and working as a team to keep patient data protected at all times. Here are some easy-to-remember strategies for maintaining HIPAA compliance:

Do:
Hire Respectful, Honest Employees: In most industries, the biggest threat to information security comes from outside sources such as fraudsters and other criminal hackers. Healthcare is different: a large share of its breaches involve employees rather than outsiders. Always perform background checks before hiring, and check references where candidates have them.

Educate Your Employees: Don't let the seriousness of HIPAA go unspoken. Talk with your staff regularly about your expectations for privacy and professionalism, and remind them that even accidental mistakes can bring penalties. Hold refresher sessions on HIPAA rules whenever you roll out new technology, so everyone knows the correct procedures before patient data is handled on it.

Report HIPAA Violations: Notify your privacy or compliance officer of any violation you see. They can help you contain the issue before it gets out of control and tell you how to avoid similar mistakes in the future. HIPAA violations can carry serious consequences, but don't hesitate to let your officer know; it is their job to help you keep patient data secure, and because the breach notification deadlines run from the date a breach is discovered, early reporting gives the practice the most time to respond properly.

Don't:
Leave Portable Devices or Documents Unattended: This is especially critical if your devices are not encrypted. A lost or stolen device whose storage is encrypted in line with current NIST guidance does not count as a breach of unsecured PHI; an unencrypted one does, and such losses have led to financial penalties. Turn on full-disk encryption and a short auto-lock timeout on any tablet or laptop that touches patient data, store check-in tablets behind the check-in desk when they are not in use, and make sure paper documents are properly filed before staff leave for breaks.

Browse Patient Records Without Reason: Monitor computer activity in your practice so that staff only access patient records for treatment, payment or healthcare operations, and only the minimum necessary for the task at hand. The Security Rule requires audit controls and regular review of information system activity, so make sure your EHR's access logs are retained and actually reviewed rather than merely collected. Unauthorized access to patient records can result in penalties ranging from termination to criminal charges.
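An added example of the access review described above, written for this page rather than taken from the original post or from any EHR vendor. It parses a few constructed EHR audit-log lines and flags accesses with no treatment, payment or operations relationship, plus a same-surname heuristic for possible relative lookups. The log format, the field names and the CARE_TEAM, OPEN_CLAIMS, APPOINTMENTS and surname tables are all assumptions standing in for your own system's exports.

```python
"""
Added example (not from the original post): a small audit-log review that
flags patient-record accesses with no apparent treatment, payment or
operations (TPO) justification.

Every input below is constructed for illustration. Real EHR audit logs and
scheduling exports have their own formats; the field names are assumptions.
"""
from collections import namedtuple
from datetime import datetime, timedelta

# Constructed audit log lines: timestamp, user, role, patient MRN, action
AUDIT_LOG = """\
2019-10-08T09:02:11 dsmith nurse MRN1001 VIEW_CHART
2019-10-08T09:15:40 dsmith nurse MRN1002 VIEW_CHART
2019-10-08T10:01:05 jlee billing MRN1002 VIEW_CLAIM
2019-10-08T10:30:22 rpatel frontdesk MRN1003 VIEW_CHART
2019-10-08T11:45:09 dsmith nurse MRN1004 VIEW_CHART
2019-10-08T12:10:00 mgarcia physician MRN1001 VIEW_CHART
"""

# Constructed context: who has a legitimate reason to open which record
CARE_TEAM = {                    # treatment: clinicians assigned to a patient
    "MRN1001": {"dsmith", "mgarcia"},
    "MRN1002": {"dsmith"},
    "MRN1004": {"mgarcia"},
}
OPEN_CLAIMS = {"MRN1002"}        # payment: records with active billing work
APPOINTMENTS = {                 # operations: front-desk check-in
    "MRN1003": datetime(2019, 10, 8, 10, 45),
}
USER_LASTNAME = {"dsmith": "Smith", "jlee": "Lee", "rpatel": "Patel", "mgarcia": "Garcia"}
PATIENT_LASTNAME = {"MRN1001": "Jones", "MRN1002": "Smith", "MRN1003": "Nguyen", "MRN1004": "Brown"}

APPOINTMENT_WINDOW = timedelta(hours=2)   # assumed check-in window around an appointment
CLINICAL_ROLES = {"nurse", "physician"}

Access = namedtuple("Access", "ts user role mrn action")
Finding = namedtuple("Finding", "ts user mrn reason")


def parse_log(text):
    """Parse the constructed space-separated log into Access records."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, role, mrn, action = line.split()
        records.append(Access(datetime.fromisoformat(ts), user, role, mrn, action))
    return records


def has_tpo_justification(a):
    """True if the access matches a treatment, payment or operations reason."""
    if a.role in CLINICAL_ROLES:
        return a.user in CARE_TEAM.get(a.mrn, set())            # treatment
    if a.role == "billing":
        return a.mrn in OPEN_CLAIMS                              # payment
    if a.role == "frontdesk":
        appt = APPOINTMENTS.get(a.mrn)                           # operations
        return appt is not None and abs(a.ts - appt) <= APPOINTMENT_WINDOW
    return False   # unknown roles are never justified by default


def review_audit_log(text):
    """Return the Findings that need follow-up by the privacy officer."""
    findings = []
    for a in parse_log(text):
        if not has_tpo_justification(a):
            findings.append(Finding(a.ts, a.user, a.mrn,
                                    "no treatment/payment/operations relationship"))
        # Staff looking up relatives is a recurring insider pattern, so a
        # matching surname is worth a second look even when access is justified.
        if USER_LASTNAME.get(a.user) == PATIENT_LASTNAME.get(a.mrn):
            findings.append(Finding(a.ts, a.user, a.mrn, "patient shares user's surname"))
    return findings


if __name__ == "__main__":
    for f in review_audit_log(AUDIT_LOG):
        print(f"{f.ts.isoformat()} {f.user} -> {f.mrn}: {f.reason}")
```

In a real practice the context tables come from the EHR's scheduling, care-team and billing modules, and the findings go to the privacy officer for follow-up. The point is that an access log is only useful if something regularly compares it against who should have been looking.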

Improperly Dispose of Patient Records: A regular trash can or recycling bin is too risky for patient records and other sensitive information. HHS guidance is that PHI no longer needed must be rendered unreadable, indecipherable and unable to be reconstructed: cross-cut shredding, pulping or incineration for paper, and clearing, purging or physical destruction per NIST SP 800-88 for hard drives, USB sticks and other electronic media. Make shredders or locked shred bins available to staff for disposing of patient records, and empty them regularly.

Discuss Patients on Social Media: Make clear to your staff that "the patient won't be identifiable" is not a safe assumption; a date, an unusual diagnosis or a photo of the office can be enough to identify someone, and HIPAA's de-identification standard requires far more than leaving out a name. Play it safe and avoid posting about work altogether.

Text About Patient Records: Texting is quick and easy and is how most people talk to friends and family, but ordinary SMS is not encrypted end to end, copies sit on carrier systems and on personal phones, and it is not a HIPAA-compliant way to discuss patient records. Secure messaging apps can be used for appointment reminders, remote check-in and similar patient contact, but there is no HIPAA certification for apps: the vendor must sign a business associate agreement and the app must be configured to your policies. Staff texting each other about patients from personal phones remains a serious risk.

For Additional Help, Reach Out to Medical Business Partners

Medical Business Partners conducts coding audits and leads educational trainings, forums and boot camps for staff and physicians. To learn more about our coding and billing services, start-up consulting, credentialing services or other ways we can help you increase your revenue, please contact us through our website or by calling (202) 390-3966.

About Team
At Medical Business Partners it is our mission to empower physicians to succeed in the ever-changing healthcare environment by improving billing, streamlining operations, and eliminating all inefficiencies.