The Five Biggest Mistakes Small Practices Make with IT Compliance

13 Feb 2018 | SOURCE: DAS Health


HIPAA received around 170,000 complaints in 2017. Between taking care of patients and working on administrative tasks, it is easy for data privacy and IT compliance to get lost in the shuffle. While it may not be the focus of your job, mistakes made with HIPAA regulations and poor IT practices can cause massive headaches for your entire practice.

Is your practice making big mistakes with your patients’ data? Keep reading for the five biggest IT compliance mistakes that you need to avoid.


Being Lax with Passwords

As simple as protecting your password is, it’s also the easiest security rule to break. Many people keep a small post-it note next to their computers with various passwords and security question answers written down, or keep their login written down in a nearby notebook. Even in a typically closed office, any written passwords that are accessible to you could be accessible to the rest of your staff (or unwelcome visitors) who could use those passwords against you.

Similarly, do not share passwords. Laws require the use of “Unique User Identification” in order to protect patient data. It can be tempting to share credentials with coworkers as a way to treat people more quickly, or avoid setting up another login, but it can make tracking down errors and problems far more difficult than it needs to be.


Sending Information to the Wrong Recipient

With the goal of making life easier, many devices use services like autofill to complete forms and fill in passwords. This can make actions quicker, but it can also make it easy to send an email or message to the wrong person. When information, particularly protected health information (PHI), gets sent to the wrong individual, you have a pretty serious problem. Punching in the wrong number for a fax is another simple mistake that can cause HIPAA headaches.

In just the first half of 2017, unintended disclosures including misdirected emails or faxes accounted for 42 percent of industry breaches.

When you are about to send information, it is a good idea to check and double check where the information is headed. If you have a way to verify that the message is received, such as email read receipts, this can help make sure the right person received your message.


No (or Bad) Risk Assessment Processes

A ransomware attack on the Arkansas Oral Facial Surgery Center not only locked the clinic out of files, images, and details of patient visits, it meant that 128,000 people had their data exposed. Many hackers target the data centers of small practices and hospitals and hold their information hostage.

Making sure that your patients’ information is safe is vital. The right training, tools, and resources can improve your security. Completing your HIPAA-required Security Risk Assessment will help your practice identify vulnerabilities and areas for improvement. Your practice needs to understand its weaknesses so you can keep these attackers at bay.


Hosting Your Data in the Wrong Place

Many small practices opt to have servers onsite, which may keep your data close but can quickly become costly. Outsourcing to the cloud reduces these server maintenance costs and better protects your data from violations or breaches. Even simply leaving a server accessible instead of in a locked room can constitute a HIPAA violation, and servers without additional security can be easy targets for hackers.

Switching to cloud hosting makes these challenges easier to manage and reduces your practice’s IT spending. Cloud hosting is used by 83% of healthcare organizations, and it can help protect your practice.


Failing to Keep Up to Date with Regulations

Every single year, new laws and changing regulations are put in place. Staying current with these is an absolute must. Clinics that were fine a few months ago may not be compliant now. Particularly with the growing number of cyberthreats, new requirements are constantly added to protect your patients’ information. When it comes to compliance with the law, knowledge is half the battle.



If you have any questions about health information technology services, we can help. We’ve been experts in the industry since 2003, keeping small practices agile and adaptable. Our services are customizable, and healthcare IT is our specialty. Contact us today for more information.
