The penalties for HIPAA violations by live virtual receptionists or by a healthcare answering service are severe, and the loss of confidence created by a small misstep can be a practice-breaker. Fines can reach a maximum of $1.5 million per year.
One of the most common mistakes is to send a non-secure e-mail. Sending any text with patient information is a violation of HIPAA, and it's an easy mistake to make in the hundreds of communications that are issued each day by the average practice. It's good to have an encrypted text and/or e-mail messaging service.
Another danger is hiring an untrained answering service to handle your phone calls. In the heat of the moment, an untrained answering service for physicians can relay some information that shouldn’t be sent. Fortunately, there are HIPAA-compliant medical answering services that are well aware of the pitfalls and of the limits on what they can safely provide.
Disposal of information is another issue that practices need to handle carefully. Failure to shred documents that need to be discarded, or misfiling information in the wrong folder, can lead to a HIPAA breach. To prevent human error, it's best to have your documents in an electronic database.
Let your staff know that it's a HIPAA violation to access medical information without authorization. Many staffers may be curious, particularly if the patient has some celebrity status. It's a no-no, and should not be done. In an age where celebrity-driven websites, television, and other outlets pay for information, it's an increasing problem. Using clearance levels and user ID codes for accessing patient information will discourage this behavior.
Even if you follow all of the required steps, there's a further danger: computer hackers. Yes, they're out there, waiting to obtain sensitive information for their own purposes. A good firewall and careful monitoring of system access are necessary to prevent unauthorized intrusions.
Finally, storing patient information on a laptop is never a good idea. Portable devices can be lost or more easily stolen, leading to a massive potential exposure of HIPAA information and fines for your facility.
We are in a brave new world when it comes to patient information. A savvy practitioner will make sure that they take strong steps to conceal patient information from unauthorized parties. It's one of the hallmarks of professional service.
Company Bio: Endicott Comm Inc. was established in October of 2007. Endicott and its family of service centers are all HIPAA Compliant and re-certified annually. In addition, all staff members are required to participate in a HIPAA training program and are re-certified annually.