Common Pitfalls Among Medical Professionals in HIPAA Compliance

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is designed to keep patient health information confidential and secure. However, the task is difficult at times, and staffers and outside medical answering services need to be aware of the rules.

The penalties for HIPAA violations by live virtual receptionists or by a healthcare answering service are severe, and the loss of confidence created by a small misstep can be a practice-breaker. Fines can reach a maximum of $1.5 million per year.

One of the most common mistakes is to send a non-secure e-mail. Sending any text with patient information is a violation of HIPAA, and it's an easy mistake to make in the hundreds of communications that are issued each day by the average practice. It's good to have an encrypted text and/or e-mail messaging service. Endicott is one such service, allowing practices to relay patient information securely.

Another danger is having an untrained answering service for doctors handle your phone calls. In the heat of the moment, an untrained answering service for physicians can relay some information that shouldn't be sent. Fortunately, there are HIPAA-compliant medical answering services that are well aware of the pitfalls and of the limits on what they can safely provide. Again, Endicott Comm is one of them, providing trained staff who know what they can and cannot reveal.

Disposal of information is another issue practices need to be careful in handling. Failure to shred documents that need to be discarded, or misfiling information in the wrong folder, can lead to a HIPAA breach. To prevent human error, it's best to have your documents in an electronic database.

Let your staff know that it's a HIPAA violation to access medical information without authorization. Many staffers are curious about patients' conditions, particularly if the patient has some celebrity status. It's a no-no, and should not be done. In an age where celebrity-driven web sites, television and other outlets pay for information, it's becoming an increasing problem. Using clearance levels and user ID codes for accessing patient information will discourage this behavior.

Even if you follow all of the required steps, there's a further danger: computer hackers. Yes, they're out there, waiting to obtain sensitive information for their own purposes. A good firewall and careful monitoring of system access are necessary to prevent unauthorized intrusions.

Finally, storing patient information on a laptop is never a good idea. Portable devices can be lost or more easily stolen, leading to a massive potential exposure of HIPAA information and fines for your facility.

We are in a brave new world when it comes to patient information. A savvy practitioner will make sure that they take strong steps to conceal patient information from unauthorized parties. It's one of the hallmarks of professional service.

Company Bio: Endicott Comm Inc. was established in October of 2007. We are supported by developers who are committed to the Answering Service and Contact Center industry and to delivering what we promise. Endicott and its family of service centers are all HIPAA Compliant and re-certified annually. In addition, all staff members are required to participate in a HIPAA training program and are re-certified annually.