Many health care organizations may be breaching HIPAA requirements without realizing it, or have employees doing so without their knowledge. It’s time for a wake-up call to those who feel they have nothing to worry about when it comes to HIPAA.
HIPAA Risks in the Workplace
HIPAA liability stemming from the actions of workforce members (including employees, volunteers, and trainees) is a bigger issue than you may realize. An often overlooked cause of HIPAA privacy breaches is human error. Workforce members with the best of intentions can still be careless and make mistakes.
Examples of HIPAA Privacy Breaches
- A nurse mistakenly gives a document with protected health information (PHI) to the wrong person
- A biller carbon copies an unintended party on an email containing PHI
- A physician’s unencrypted laptop containing medical records is lost or stolen
- A medical assistant discards a confidential document with PHI without shredding it
- A practice administrator forgets to erase hard drive before returning copier to the leasing company
Insider Security Risks Are on the Rise in Health Care
Both human error and malicious intent are working against you when it comes to safeguarding the privacy and security of patient information.
Besides common mistakes, there are increasing acts of malicious intent where ePHI is stolen over a period of time by an employee or staff member(s) that may be acting as feeders to a regional crime ring where patient information is sold for use in medical identity theft or credit card fraud.
Top Reasons to Evaluate HIPAA Breach Risks
While it’s impossible to eliminate all risks, many can be mitigated in order to reduce the likelihood and impact. One of the best investments you can make to protect your organization is to raise the level of security awareness and privacy concerns across your organization.
Here are six reasons why your organization should assess your HIPAA security risks::
- Data breaches are a constant threat
- Office for Civil Rights(OCR) audits reveal health care providers are not in compliance
- Workforce members pose a significant risk for HIPAA liability
- Patients are aware of their right to file a complaint
- OCR is increasing its focus on HIPAA enforcement
- HIPAA compliance is not an option, it’s the law
Every business can benefit from a harder look at their HIPAA compliance. A little bit of investment and commitment to involve employees as key stakeholders in your security and compliance program can save a lot of heartache later.
Discover how Stericycle can help your healthcare organization remain in HIPAA compliance by conducting required HIPAA risk assessments, establishing HIPAA policies and offering staff training.