Accidental Violation of HIPAA Compliance

Patient information secrecy is of utmost importance for any healthcare organization and medical professionals due to the risk of being compromised, exposed or accessed. With initiatives and innovation in healthcare IT space by various federal agencies (particularly CMS) and health care providers throughout the country over the years, have embraced healthcare IT innovations to secure healthcare data.

Most providers even today use conventional processes to send and receive medical referrals which could lead to an accidental violation of HIPAA (Health Insurance Portability and Accountability Act of 1996) rules which sets the standards to the use and share of patient-related information to ensure security.

In best practices, referrals are managed by referral coordinators who are in charge of sharing patient information, setting appointments and ensuring closure of the referral loop. The referral coordinator and other staff may be committing HIPAA violations in the following manner:

1. Triplicate Forms– Commonly, medical referrals are conducted using triplicate forms and it contains patient identification information. Such forms are circulated to the Specialists’ office and a copy is kept at the PCP’s office.

2. Patient Information Faxing– Hospitals and clinics relay a lot on faxing. Patient information for referrals are sent via faxes and it is not uncommon for providers to misplace such documents.

3. Use of Personal Portals and Storing Devices– For the ease of communication healthcare providers and referral coordinators repeatedly make use of their personal communication devices or portals like emails, cell phones etc.

According to HIPAA, all those above scenarios fall under the category of accidental violation of HIPAA regulations and such violators are subject to a penalty ranging from $100 dollars to $50,000 per violation depending on how the violation is categorized as.

It is not rare for providers to find themselves in these circumstances like many have in the recent past. Some due to negligence don’t comply with HIPAA regulations and on the other side of the spectrum for criminal activities involving staff misuse. Providers could take immediate actions against this issue and cut their risk in half.

a. Educating your staff on the threat to patient information, HIPAA violation and penalties involved.
b. Establishing standard procedures for staff to follow while dealing with medical referrals.
c. Likewise establishing security infrastructure to secure health data in hospital servers and cloud.

In the long run, these measures will not be enough. These methods do not have the capacity to manage large numbers of medical referrals and providers cannot divert much of their resources to maintain an IT team when there is always a shortage of helping hands.

Healthcare providers need to move away from paper triplicate forms and fax machines and embrace Referral Management Solution.

HealthViewX Referral Management Solution is a comprehensive, multi-channel solution that is secure as it is functional.