
Keep Your Staff HIPAA Compliant with these 12 Best Practices

30 January 2016

Medical providers and medical groups need to comply with HIPAA because non-compliance can cost fines of $50,000 or more per violation.

According to the HHS Office for Civil Rights (OCR), which enforces HIPAA, corrective actions are most often required in private practices. Other medical facilities that frequently require corrective action are general hospitals, pharmacies, outpatient facilities and health plans.

Since 2003, OCR has resolved 2,385 HIPAA violation cases through changes in private practices, corrective actions or technical assistance. In 26 other cases, violations resulted in $23 million in fines paid by national pharmacy chains, hospital chains, medical provider offices and others.

What can you do to keep your staff HIPAA compliant? Some of the best practices are:

  • Train your staff to handle PHI (protected health information) appropriately.
  • Designate a staff member to manage HIPAA compliance and security standards and to train the rest of the staff periodically.
  • Give each staff member only the access their role requires, so that a careless or compromised account cannot reach PHI beyond its scope of work.
  • Do not allow staff to share passwords.
  • Disclose PHI only when it is necessary.
  • Warn staff against accessing patient records unless necessary, and require written permission before such records are accessed.
  • Close or lock computer programs before moving to another task, and use practice management systems that lock or log out automatically after a set period of inactivity.
  • Safeguard electronic data with passwords, encryption and authentication wherever required.
  • Use two-step verification: a password combined with a second factor such as mobile phone verification, fingerprint recognition or voice recognition.
  • If patient details are stored in paper files, keep them in locked cabinets, shred them on disposal, and use a cover sheet when faxing.
  • If patient records are stored in the cloud, use a HIPAA compliant cloud provider; a properly managed cloud service can safeguard records better than a poorly maintained in-house server.
  • Make sure all third parties involved in your medical business comply with HIPAA guidelines.
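
The access-control items in the list above (role-scoped access, no access without a need, automatic lock on idle sessions, a second factor) amount to a deny-by-default check in front of every PHI read, with every attempt recorded. The following is an added example written for this page; it is not code from the original post or from any product it mentions. The roles, the role-to-field mapping, the 15-minute idle timeout, the user names and the patient record are all constructed for the demonstration:

```python
"""Deny-by-default PHI access check: role-scoped fields, a required relationship
with the patient, idle-session expiry, a second factor, and an audit entry for
every attempt. Example code written for this page; all data is constructed."""
from dataclasses import dataclass, field

# Hypothetical minimum-necessary policy: the PHI fields each role may read.
ROLE_FIELDS = {
    "physician":  {"name", "dob", "diagnosis", "medications", "notes"},
    "nurse":      {"name", "dob", "medications"},
    "billing":    {"name", "dob", "insurance_id"},
    "front_desk": {"name", "dob"},
}

IDLE_TIMEOUT_SECONDS = 15 * 60  # assumed policy: lock after 15 minutes of inactivity


@dataclass
class Session:
    user: str
    role: str
    last_activity: float       # epoch seconds of the last request on this session
    mfa_verified: bool = False # second factor completed at login


@dataclass
class PhiStore:
    records: dict              # patient_id -> {field: value}
    assignments: dict          # patient_id -> users with a treatment or billing relationship
    audit_log: list = field(default_factory=list)

    def _audit(self, session, patient_id, outcome, fields, now):
        # Denials are logged as well as grants; an investigation needs both.
        self.audit_log.append({
            "time": now, "user": session.user, "role": session.role,
            "patient": patient_id, "fields": sorted(fields), "outcome": outcome,
        })

    def read(self, session, patient_id, fields, now):
        """Return the requested fields if every check passes, else raise PermissionError."""
        fields = set(fields)
        if not session.mfa_verified:
            self._audit(session, patient_id, "denied: mfa not verified", fields, now)
            raise PermissionError("second factor required")
        if now - session.last_activity > IDLE_TIMEOUT_SECONDS:
            self._audit(session, patient_id, "denied: session expired", fields, now)
            raise PermissionError("session expired, log in again")
        session.last_activity = now
        if session.user not in self.assignments.get(patient_id, set()):
            self._audit(session, patient_id, "denied: no relationship with patient", fields, now)
            raise PermissionError("no treatment or billing relationship with this patient")
        excess = fields - ROLE_FIELDS.get(session.role, set())   # unknown role -> nothing allowed
        if excess:
            self._audit(session, patient_id, "denied: beyond role scope", fields, now)
            raise PermissionError("requested fields exceed role scope: " + ", ".join(sorted(excess)))
        record = self.records[patient_id]
        self._audit(session, patient_id, "allowed", fields, now)
        return {f: record[f] for f in fields if f in record}


def build_demo_store():
    """Constructed sample data: one patient, three users with a relationship to her."""
    return PhiStore(
        records={"P001": {"name": "Jane Doe", "dob": "1980-02-14", "diagnosis": "hypertension",
                          "medications": ["lisinopril"], "insurance_id": "INS-4421", "notes": "follow up in 3 months"}},
        assignments={"P001": {"dr_smith", "nurse_lee", "bill_ng"}},
    )


def demo():
    """Exercise each check with a fixed clock; returns the outcome of every scenario."""
    store = build_demo_store()
    t0 = 1_700_000_000.0
    results = {}
    dr = Session("dr_smith", "physician", t0, True)
    results["physician_in_scope"] = store.read(dr, "P001", ["name", "diagnosis"], t0 + 10)
    scenarios = {
        "nurse_out_of_scope":   (Session("nurse_lee", "nurse", t0, True), ["diagnosis"], t0 + 10),
        "unassigned_physician": (Session("dr_jones", "physician", t0, True), ["name"], t0 + 10),
        "idle_session":         (Session("dr_smith", "physician", t0, True), ["name"], t0 + IDLE_TIMEOUT_SECONDS + 1),
        "no_second_factor":     (Session("dr_smith", "physician", t0, False), ["name"], t0 + 10),
    }
    for label, (sess, fields, when) in scenarios.items():
        try:
            store.read(sess, "P001", fields, when)
            results[label] = "allowed"
        except PermissionError as exc:
            results[label] = "denied: " + str(exc)
    results["audit_entries"] = len(store.audit_log)
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label}: {outcome}")
```

The checks are ordered so that the cheapest and most general ones run first and nothing about the record is touched until all of them pass; the unknown-role case falls through to an empty field set and is therefore denied. In a real deployment the audit log would be written to append-only storage outside the application's own database, so that a user who can edit records cannot also edit the trail of who read them.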

Common HIPAA issues that lead to an investigation are:

  1. Disclosure or use of PHI without permission
  2. Faulty PHI safeguards
  3. Denial of patient access to their own PHI
  4. Failure to safeguard electronic PHI
  5. Disclosure of more PHI than necessary

If you are still not confident about complying with the evolving HIPAA regulations, you can use a HIPAA compliant, cloud based EHR or practice management system to store and protect sensitive medical information.