HIPAA Training and Data Breaches: Are You Protected?
In November 2018, 3,230,063 health care records were exposed, stolen or disclosed without permission, according to the HIPAA Journal. Despite efforts to protect medical records and make sure employees understand what can and cannot be disclosed, breaches continue to occur.
Despite an emphasis on cybersecurity, November 2018 was not only the worst month of the year but also the second consecutive month with an increase in breaches and record exposures.
These are alarming statistics. In the first half of 2018, there were fewer exposures in total than in November alone. Since the Health Insurance Portability and Accountability Act became law in 1996, patients have been assured that it would protect the privacy of their medical records and ensure the confidentiality of their medical information. Even though electronic medical records were being used in the 1970s, it was the common use of computers in the 1990s that made electronic medical records widespread.
Once the internet became the way for medical systems and offices to communicate, the possibility of record breaches became a real problem.
While some people have heard of HIPAA, they may not really understand what it means in detail, other than that it should protect their records from unauthorized views, keep medical information confidential unless they give permission otherwise, and allow patients to view their own records. From the perspective of an employer, HIPAA is a complex and constantly changing law requiring ongoing employee training to ensure the number of breaches does not keep increasing.
For employers, data breaches are costly and damaging to their reputations. Fines for HIPAA violations can be as high as $50,000 per occurrence with a maximum penalty of $1.5 million per violation.
What Are The Most Common Breaches?
1. Keeping Unsecured Records
Records containing Protected (or Personal) Health Information (PHI) should be kept in locked cabinets, or require secure passwords to access digitally.
2. Encrypted Data
Although not required by HIPAA, encrypting data provides another layer of security so hackers don’t get into the system. Some states have laws requiring encryption of PHI.
Keep antivirus software updated, use firewalls and unique passwords, and monitor your systems constantly.
4. Loss or Theft of Devices
With the advent of portable devices storing data, the possibility for theft or loss becomes a concern. Encrypt the data, use password protection, and store the device in a secure location.
5. Gossiping/Sharing PHI
This is strictly off-limits, and breaches will result in fines. Employees should never discuss patients’ medical information with any unauthorized person.
6. Employee Dishonesty
Viewing PHI by unauthorized personnel is a violation of HIPAA standards.
7. Improper Disposal Of Records
Records need to be shredded, destroyed, or wiped from a hard drive.
8. Unauthorized Release Of Information
Only family members of dependents or those with a Power of Attorney can have access.
9. Third-party Disclosures
This is the area where training is needed the most. Who needs to know? Patients, doctors, billing departments, or related services are the usual recipients. It may be difficult to determine whether someone should have access, and data breaches can result.
One of the problems with HIPAA compliance training, besides the changing components of the law, is what needs to be included in a training program. There are no specific requirements for training mandated by HIPAA.
Here are some basic areas to keep your training effective and you protected:
- What is HIPAA?
- Why is HIPAA important?
- HIPAA Definitions
- Patients’ rights
- Breach notifications
- BAA agreements
- Safeguarding ePHI
- Potential violations
- Employee sanctions
There are many effective online providers of HIPAA compliance training, usually done through a Learning Management System (LMS). Effective training should contain interactive activities, real-life scenarios, immediate feedback on choices and why they are right or wrong, and examples of problems the employees will face and how they were concluded successfully.
A HIPAA compliance training course helps inform and educate your employees on the latest regulations to follow.
Why Choose Online Training For HIPAA?
Navigate the course at a pace that fits your learning style.
Learn on your schedule, without the inconvenience of time away from the office.
3. Expert-Created Content
Take a deep dive into a topic with content developed by industry leaders.
Save when you choose affordably priced training with no additional travel costs.
HIPAA is a complicated yet necessary law to govern our changing health care system. Without it, sensitive information could fall into the wrong hands, resulting in fines and a lack of trust from the community. If your HIPAA training is in need of a makeover, don’t hesitate. Do it today.