Wednesday, January 16, 2019

Five Inadvertent HIPAA Violations by Physicians

Doctors do not plan ahead to violate HIPAA, but in this digital age, they may be doing it because they did not plan ahead. The recent final rule of the HITECH Act outlines that even if the physician is unaware of the violation, they may be fined a civil penalty of $100 - $50,000 per violation. It is time for even the most resistant doctors to pay attention to how they handle protected health information (PHI). Here, we will outline five common ways physicians are breaking HIPAA/HITECH privacy and security rules, and may not even know it.

1)    Texting PHI to members of your care team

It’s a simple scenario: you’ve just left the office, and your nurse texts you that Mr. Smith is having a reaction to the medication you’ve just prescribed. She has included his name and phone number in the text. You may know that texting PHI is not legal, but feel justified because it is a serious medical issue. Perhaps you even believe that deleting the text right away will protect you – and Mr. Smith.

In reality, this text message with PHI has just passed from your nurse’s phone, through her phone carrier, to your phone carrier, and then to you – four vulnerable points where this unencrypted message could either be intercepted or breached. In a secure messaging app, this type of message must be encrypted as it passes through all four points of contact. Ideally, both sender and recipient should be verified and have signed a business associate agreement (BAA).

2)    Taking a photo of a patient on your mobile phone

To some this will sound silly; to others, it is as common as verifying a rash with a colleague or following the margins of a cellulitis day by day. Simple enough, but if these photos are viewed by eyes they are not intended for, you may be in violation of your patient’s privacy. It’s important to be aware of where and how patient information and images are stored. Apps that allow you to take a secure photo are just as important as sending the message securely. DocbookMD allows photos to be taken within the secure messaging app itself – never stored on your phone or within your phone’s photo album. Always use this type of feature when taking any photo of a patient or patient information.

3)    Receiving text messages from your answering service

Many physicians believe if they receive a text message from a third party, like an answering service, they are not responsible for any violation of HIPAA – this is simply not true. Many services do send a patient’s name, phone number and chief complaint via SMS text. The answering service may verify it is encrypted on their end, but if PHI pops onto the physician’s screen, it is certainly not secure on their end – and this is where the physician’s responsibility lies. Talk with your answering service today to see how they are protecting you at both ends of the communication.

4)    Allowing your child to borrow your phone that contains PHI

Many folks allow their kids to play with their phones – maybe play games on apps while in the car. If your phone has an app that can access PHI, then you may be guilty of a HIPAA breach if the information is viewed by or sent to someone it is not intended for. The simple fix is to utilize the PIN-lock feature on your messaging app – and for double protection, always password-protect your phone!

5)    Not reporting a lost or stolen device that contains PHI

Losing your smartphone or tablet is a pain for many reasons, but did you know that if you have patient information on that device, you could be held responsible for a HIPAA breach if you do not report the loss right away? The ability to remotely disable an app that contains or handles PHI is an absolute must for technology that handles communications in the medical space. Be sure to ask for this feature from any company claiming to help you be HIPAA-compliant in the mobile world. Remember: Being HIPAA-compliant is an active process. A device can claim to be HIPAA secure, but it is a person who must ensure compliance.


Copyright (c) 2019 Riverside County Medical Association