From the archives... Originally published January 26, 2015, and back by popular demand:
HIPAA penalties are getting bigger and bigger, and are almost always issued for inadvertent mistakes. MPA monitors the Office of Civil Rights (OCR) HIPAA enforcements, and breaks down the top HIPAA hazards—and how you can stay out of hot water.
Well-meaning employees take work home to meet deadlines, or exceed performance expectations. When this involves PHI, employees with good intentions can create a very bad problem. How do you protect the privacy and security of PHI when it leaves your facility?
A hospital entered a $1,000,000 HIPAA settlement after an employee left documents containing PHI on the subway, including PHI for patients with HIV/AIDS. The documents were never recovered, which means no one knows if they were improperly used.
What You Can Do.
Decide if you want to allow employees to bring work home. If
so, clearly define how this can be done. It is a good idea for paper PHI to stay in your facility. Also evaluate protections for ePHI. Do you have remote access policies and procedures? If employees are allowed to work from home, can they access ePHI? If so how do you know their access is secure? How do you know your provider’s ePHI is safe from the view of others in the employee’s home?
Learn about other HIPAA Hazards and how you can avoid them.