HIPAA Breach: Avoiding the Violations


It seems increasingly hard to protect your practice against HIPAA breach violations. Becker's Health IT & CIO Review lists the following as the 10 most common sources of HIPAA violations:

  1. Employees disclosing information
  2. Medical records mishandling
  3. Lost or stolen devices
  4. Texting patient information
  5. Social media
  6. Employees illegally accessing patient files
  7. Social breaches
  8. Authorization requirements
  9. Accessing patient information on home computers
  10. Lack of training

Penalties for HIPAA Breaches

The penalties for HIPAA breaches can be severe. Fines can reach $1.5 million, and state attorneys can also take legal action against individuals and corporations found to have revealed or leaked the PHI of state residents. A simple mistake can certainly prove to be a very costly one!

HIPAA Breach Can Damage Your Reputation Big Time

Breaching HIPAA can be a very public and reputation-damaging experience (in addition to the obvious breach of doctor-patient confidentiality).

Here is an example of the after-effects at a practice that suffered a data breach. Check out this Yelp listing for the NYC dermatologist:

(Image: Yelp listing, captioned "HIPAA Breach Penalties")

And there were a few other nasty comments!

You see, it is not only the financial losses: patient trust can also be lost because of one overlooked step or a lack of enforcement.

Emails are HIPAA's Biggest Enemy

Email is one of the most insecure ways of transporting PHI. Not only is email insecure, but a message lands in someone else's inbox if there is a typo or an incorrect email address. We're human. The reality is that we mistype names, we log into the wrong account, we accidentally hit "reply all" (hey, I've been there too).

I was reading a post on TechCrunch a few days ago in which the makers of Slack made a very profound statement: email is a protocol, not a platform. Any email address is interoperable with any other. As a result, no single company has been able to build a successful network around email. In my opinion, this is also the reason why healthcare should not be using email for secure communication. Email is simply not a platform.

The NYC dermatologist's HIPAA breach highlighted above shows how your practice's reputation (and bottom line) can be disrupted in an instant. All insecure email communication in a medical practice, both internal and external, is a ticking time bomb.

Why do we never focus on communication in medical practice operations?

HIPAA violations and security measures all stem from how accurately and transparently you and your practice communicate. It's important to do a communications audit to find where you are using insecure methods to exchange PHI with patients and staff.

You might be saying, "It won't happen to me..."

"I Don't Care About HIPAA!"

Klara is a secure (HIPAA-compliant) healthcare communication platform. Besides patient communication, medical professionals also use Klara to connect and communicate with any combination of internal or external medical professionals (physicians, MAs, PAs, nurses, staff, etc.), including pharmacies, billing and labs. This means that all exchanges are secure, centralized and transparent.

Every now and then, when I speak to medical professionals or physicians, they take data breaches lightly. Moreover, a few of them have said to my face that they don't care about HIPAA at all.

I started to think: why do some medical practices simply not care about secure communication? One reason could be that it is one more piece of technology in their practice. On top of meaningful use, EHR/EMR systems, etc., it's tough to think about adding one more piece of technology for your staff to use.

The great thing about Klara is that it consolidates all communication: from on-boarding new patients to sending test results and scheduling follow-up appointments. It's an easy web login, none of that hard-drive download stuff. And (you may be surprised to hear) the overwhelming majority of Klara users (staff and physicians) find it actually cuts down on the time spent on the phone and on administrative work. Win-win.

Don't Be a Victim of HIPAA Breach

Now it is your turn -

If you are a physician, medical assistant, physician assistant, case manager, pharmacist, medical biller or any other medical professional, chat with us here.

Additional information on HIPAA:

  1. HIPAA and HITECH Compliance Mandate
  2. The HIPAA Security Rule