3 IT Security Best Practices to Avoid HIPAA Violations

There are all sorts of HIPAA violations out there, and by being non-compliant – whether knowingly or unknowingly – you expose yourself to greater threats. With everything going paperless these days, there has never been a more critical time to ensure that patients’ protected health information (PHI) and personal health records (PHR) remain secure. Last year alone saw an influx of data breaches, and the Identity Theft Resource Center (ITRC) found that the number of US data breaches tracked totaled 781 – the second highest year on record since they began tracking breaches in 2005.

If you want to avoid reputation-killing HIPAA violations and keep your practice safe from malicious hackers this year, here are three IT security best practices to follow.

1. Never disclose PHI for personal gain.

Unfortunately, this happens more often than you might expect. A well-known HIPAA violation case took place in 2006 when an Arkansas nurse pleaded guilty to criminal charges of purposely exploiting a patient’s medical records to use against the patient in a legal proceeding. The nurse pleaded guilty to wrongful disclosure of the patient’s health information and faced a maximum of 10 years imprisonment and a $250,000 fine. Yikes!

It is your duty as a healthcare provider to protect the privacy and security of your patients. Don’t ever disclose PHI for personal gain, because the consequences can be permanent and life-damaging.

2. Never communicate PHI to a patient through a method that they have not approved.

You should always confirm with your patient which channels of communication they’ve authorized for you to discuss their PHI. Under no circumstances should your patient’s personal medical information be discussed in a public setting where it might be overheard or exploited, such as hallways, elevators, public transportation, or restaurants. The Office for Civil Rights (OCR) investigated complaints against medical practitioners who left telephone messages discussing their patients’ PHI on the patients’ landlines when those patients had given specific instructions to only be contacted via cellphone. Don’t make the same mistake as these careless healthcare providers, and only communicate PHI through approved methods.

3. Never share passwords or login information.

It’s common sense to keep your computer passwords and login credentials confidential, and most hospitals and medical practices have a policy that enforces this security rule. But it is just as important to update old passwords for accounts holding sensitive information as it is to keep those passwords and logins private.

If you haven’t changed your passwords for accounts holding electronic protected health information (ePHI) or electronic medical records (EMR) within the past 12 months, be sure to do so now! By following these simple IT security best practices, you can avoid the consequences associated with HIPAA violations and non-compliance penalties.

And to learn how you can ensure IT security for your business, contact Hill Country Tech Guys for a free consultation!