The HIPAA or Health Insurance Portability and Accountability Act ensures that all patients’ personal information is remained private and they take this very seriously, therefore guidelines have been put in place for places like insurance companies and hospitals to ensure this, as well as penalties for non-compliance.
A variety of different situations are covered regarding PHI or protected health information. To ensure compliance of HIPAA laws, employers are expected to offer training to avoid any type of violation.
The Internet is the first to explore being that it plays an important role in healthcare today; in fact it is actually encouraged as an electronic medium for the communication and management of PHI. But, it can also be a prime cause of violating HIPAA and PHI laws if not used carefully. This type of breach can occur accidentally when emails get sent to the wrong people by employees or mass email is used.
This typically happens when unauthorized sources intercept communication, therefore it is recommended by HIPAA to encrypt this type of information. There are many violations that are made willfully such as when confidential information is posted on health related websites by employees.
The Press Media can also easily pose a violation. This typically happens when confidential information is accidentally leaked through magazines or newspapers. Usually, this type of breach happens with politicians or celebrities. Often times, information is given out by doctors to the media about well known people in the hospital, but, likewise this is considered a breach as well and should be left to appropriate parties.
Another concern is personal information given out to family members, however, although it seems harmless, it is still a violation of this law. Written authorization by the patient is needed before disclosing any personal information, even to family members.
Another common violation happens when there are too many people handling private information and it is accidentally disclosed. Therefore, it is best if only specific employees have access to this information. Also, only access this information as needed as too much access can become suspicious.
In addition, it has become common for a violation to happen not so much by lacking in security measures, but by poorly implementing them. A good example would be if an employee forgets to lock up the computer and private information is left unprotected and becomes available to anyone.