
Four Common HIPAA Violations (And How to Avoid Them!)

Posted On: February 4, 2018


Do a quick search of recent HIPAA violations, and you’ll find headlines proclaiming multi-million dollar settlements for breaches resulting in the loss of hundreds, thousands, or even millions of patient records.

Yes, it’s true that the health care industry is the number one target for cyberattacks, and you should use the technology and resources available to you in order to secure your patients’ data. However, there are four other common violations that fail to make the headlines but are potentially as devastating as experiencing a cyberattack. Check out these tips from our affiliate company, and leading HIPAA compliance experts, The van Halem Group.

Mishandled Medical Records

With all the talk of cyberattacks, one might think that keeping all patient records as hard copy could limit exposure. It’s important to remember how easy it is to misplace a document and how difficult it can be to pin down who has accessed it. Don’t leave medical records out in the open. Ensure that they are filed and locked away to prevent records from falling into the wrong hands.

At some point, you will need to dispose of some records, either because they are outdated or because you’re transitioning to digital storage. Take steps to ensure PHI is disposed of properly. Consider working with a secure document shredding company. To learn about proper disposal methods, you can visit the U.S. Department of Health and Human Services website at

Social Media

Social media is thoroughly ingrained in everyday life. Many of us take pictures and post regularly as part of our default setting, not considering the content making its way onto the internet. But, when it comes to HIPAA, there are some precautions that must be taken. Never post a photo of a patient without written consent. Without proper documented consent, you’re compromising that patient’s protection. One of the best and simplest ways to prevent this is to ensure all employees are aware of the HIPAA policies in place to prevent the sharing of PHI.

Employees Disclosing Information

Violations aren’t limited to what gets posted on the internet, however. Employees should be mindful of where they’re discussing patients and who they’re discussing them with, even around the watercooler at work. Keep these conversations with friends and family to a minimum as well to avoid sharing PHI.

This can be easier said than done in close-knit communities, but asking a medical professional about a friend can lead to a breach as well. If you find yourself in this situation, be sure to have a canned response ready that explains you cannot disclose any information about a patient.

Accessing Patient Information on Home Computers

Information security officers dislike this practice as well, and refer to it as “Bring Your Own Device,” or BYOD. However, sometimes you have to take your work home with you. When your computer handles PHI, it should never be left alone or without password protection. Exposing PHI to family members or having it shared to the wrong online channels can lead to significant fines.

To learn more about HIPAA compliance and how to best prepare and protect your business, contact The van Halem Group here

Article by Kelly Grahovac – The van Halem Group

The van Halem Group has become one of the nation’s most respected healthcare audit and consulting firms. Together, their team has more than 130 years of related experience. They have worked collaboratively with key government stakeholders, such as Centers for Medicare and Medicaid Services (CMS), the Office of Inspector General (OIG), Medicare administrative contractors (MACs), recovery audit contractors (RACs), zone program integrity contractors (ZPICs), private payors, and other government contractors and agencies. This expertise provides clients the benefit of knowing proper communication channels and processes, reducing the regulatory burden.
The van Halem Group is an affiliate company of VGM Insurance Services.

