The Health Information Portability and Accountability Act (HIPAA) governs the secure use and management of patient health information. It was enacted in 1996 and is mandatory for all health practices. However, many healthcare providers struggle to maintain compliance with HIPAA regulations, usually because they fail to keep up with modern practices for data storage, sharing, and access. Read on to discover how your employees might not be HIPAA compliant.

The most common violations of HIPAA standards include failing to properly secure PHI records on mobile devices, unwarranted disclosure of sensitive information, and loss of a device holding patient data. There are ways to help your employees avoid these errors, starting with ensuring that all medical staff understand the HIPAA regulations. This will limit the chances of non-compliance errors such as the following.

Sending information through unsecured emails

Quick communication is essential in a healthcare practice to achieve positive outcomes, and email is an efficient way to deliver information. Although HIPAA regulations do not prohibit forwarding and exchanging PHI through email, the utmost security is necessary: apply strong encryption whenever medical records are shared by email. The safest policy for guaranteeing HIPAA compliance is to use email less often and to opt for alternative secure methods, including patient portals, electronic health records, and secure messaging.

Not using HIPAA compliant third-party vendors

The HIPAA privacy rule applies to all covered entities in medical practice. This regulatory obligation also extends to outsourcing a physician answering service, and it applies to other suppliers and service providers including:

  • IT suppliers
  • Billing service
  • Legal and accounting
  • Practice management

Any agency handling tasks on your behalf should be HIPAA compliant. This should be evident across the full scope of the agency’s business and its conduct.

No training in HIPAA regulations and policies

Even once your staff are acquainted with HIPAA regulations, a single training session is not enough, because these regulations are updated regularly. There is no excuse for your practice not being up to date with current policies, requirements, and obligations. Regular training sessions and seminars can help keep your staff current with HIPAA compliance standards.

There is no official certification program for HIPAA compliance. However, there are various on-site and distance courses you can select for your healthcare staff. You need a budget for this, but it will definitely pay off: the cost of training programs is considerably lower than the cost of non-compliance fines. This is an effective way to ensure that your employees contribute to complying with HIPAA standards.

Inappropriate sharing of PHI data

The HIPAA regulations specify the circumstances under which patient data may be shared. In some cases, medical personnel may only share PHI after obtaining written authorization from the patient. However, there are also situations where no authorization is required to share PHI, such as sharing treatment information with other providers or disclosing patient records during an emergency without the patient’s knowledge.

At other times, medical staff might discuss a patient’s health with family members. Your employees must understand what constitutes unauthorized use of patient information and the possible exceptions. Even calling out a patient’s name loudly may be a breach of HIPAA regulations. It is very important to make all employees aware of the need to comply with these standards. This will maintain the reputation of your practice while saving it from hefty fines and time-consuming lawsuits.

Not following the preferred method of contact with patients

HIPAA acknowledges the distinction between sharing patient information with other providers and contacting patients. The patient determines how your practice contacts them, and your practice must always abide by that decision. Switching to a different communication channel is a clear breach of HIPAA regulations. If the patient prefers to communicate through email, your employees must comply, even without message encryption, because the patient chose that communication method with full knowledge of the security risks involved.


Confidentiality and the utmost safety of patients’ records is a very important consideration for healthcare providers. To ensure HIPAA compliance in your practice, keep updating your staff so that they remain current with all regulations. For industry best practice, ensure that you outsource only to HIPAA compliant service providers and vendors. This guarantees high standards of patient identity protection while maximizing privacy.