HIPAA compliance – a little education will save you a lot of trouble

NEMT HIPAA Compliance Officer Jewell Ford

We see it in the news every few weeks: another hospital paying millions of dollars in fines or settlements for HIPAA violations.

Occasionally, the violation is the result of malice – someone intentionally looking at information they shouldn’t see. But more often, it’s simply a mistake; patient privacy laws are long and complex and when hundreds of employees and contractors share information, it’s not hard to see how someone could accidentally fax a report to the wrong number or not realize they can’t send patient IDs in an email.

So how do you avoid security breaches? It’s an old cliché, but it’s true – knowledge is your best defense. A comprehensive HIPAA training program will teach your staff how to avoid simple mistakes. And “comprehensive” doesn’t have to mean “time-consuming” or “expensive.” The basic safety rules can be taught in a couple of hours and a Google search of “HIPAA compliance classes” will turn up a variety of schools that offer online HIPAA training programs and tests for health information professionals. Better yet, check your specialty’s professional journals and associations for a list of approved classes.

The second step is to create a policy and stick to it. A clear-cut policy listing expectations and penalties will help everyone know what they need to do. Any good policy should be based on education and counseling. For minor and isolated mistakes, employees can be given verbal or written warnings and required to retake the class. Serious or repeated violations may call for tougher measures but regardless, an established policy with documented follow-through will help protect your business.

The real key, however, is education. Most employees want to do their part to protect patient information – they just need to know how. One of the easiest things you can do is to give your staff a list of the most common violations in an easy-to-read format that they can keep for quick reference or even tape to their workstations.

For instance, in clinical documentation, we see eight specific mistakes more often than any others:

  • Picking the wrong CC on an email containing protected health information
  • Picking the wrong patient name
  • Picking the wrong dictator
  • Picking the wrong account number, medical record number or subject ID
  • Entering the wrong supervising or attending physician
  • Sharing information about a patient with others who have no reason to have it
  • Failure to immediately report any potential breach or security incident to the compliance officer or your supervisor
  • Improper disposal of materials containing protected health information.

And there’s one other mistake that needs to be mentioned: going into a patient’s chart for no reason. While it’s not a common violation, it’s a serious one. Even employees who have rightful access to a patient’s chart can’t look at it without a valid reason. And while they usually know that, it bears repeating often because it’s the kind of thing that gets all types of workers, from MTs to nurses, doctors and administrators, into trouble.

There are, of course, many other costly mistakes, and whether you work for a hospital, an IT provider or a medical transcription firm, everyone in your company is responsible for avoiding them all.

The bottom line? Education. Teach your staff the rules, keep repeating them and help them stick to it. Your patients, your clients and your employees will thank you for it.


Click here for our quick-reference list of common HIPAA violations.


3 Responses to HIPAA compliance – a little education will save you a lot of trouble

  1. Jean Marie Russell says:

    I really enjoy reading this publication, and Thursday and Friday of this week I am doing mandatory re-training of ALL staff on HIPAA as we have had some violations which were deemed lack of education to put it nicely. I see HIPAA violations as a great way to fine hospitals in order to have the monies to return for the incentives we have been promised. In other words, I think they say “robbing Peter to pay Paul”. :)

  2. Charles Smith says:

    I am aware of a clinic in Honolulu that is not in compliance with HIPAA or Medicare. Can you help me find an agency in Honolulu to report this to? Thanks, please email me the info, thanks.
