HIPAA Violations and Healthcare Risk Management

HIPAA Violations and Healthcare Risk Management… Know the Risk.

Last month, we started covering the most common HIPAA risks that lead to a violation. Our first blog talked about outside vendors and breaches related to unsecured patient information. In this article, we’re going to cover ePHI and healthcare risk management.

HIPAA Violation Scenario.

As an organization, you probably store confidential patient information electronically. This information may be on laptops, tablets, servers, phones, and other portable devices. When you access information, it’s probably a click or two away. One day, a potential breach is flagged. You correct the breach and continue on your way, sharing information back and forth. Unfortunately, you have also committed a HIPAA violation.

Why Is This A Violation?

In the above scenario, it may be difficult to track exactly where the violation comes from. Let’s take it step by step.

ePHIs and HIPAA:

ePHI stands for Electronic Protected Health Information. When you store this information electronically, it must meet HIPAA protection requirements at all times. The first part of the violation comes from how the information is stored. The scenario above never says how the information is being protected from a breach, and that matters because protected patient information cannot be stored on just any device in just any way.

Laptops, computers, tablets, phones, and similar devices must run protective software (for example, encryption of the device's storage) so that ePHI is safeguarded at all times. If an unprotected device is stolen, your organization is at risk of receiving a HIPAA violation.

Risk Management:

Breaches can occur at any time. Being the victim of a breach does not by itself mean you will receive a violation. A violation can occur, however, if you do not run a risk analysis and follow it up with a risk management process. In the scenario above, after the breach, the ePHI was still shared back and forth in exactly the same way as before the breach. If the organization had been conducting continuous risk analysis, the ePHI would not have been left vulnerable: the analysis would have flagged the way the information was transmitted and used as an issue, and a risk management process would then have been put in place to protect against a further breach.

Creating a Risk Management Process.

Risk management starts with the information systems you use. Choose a system that lets you protect patient information to the level HIPAA compliance requires. Next, select and implement an appropriate set of security controls. One example of such a control is a system that will not allow the same account to be logged in from two different locations at once.

Limit the access you give individuals. No one should be able to get into the system without providing the appropriate credentials. Make sure the system's security controls lock out login access after too many failed login attempts. Finally, monitor the system continuously. If a breach happens, correct it and improve your security controls.
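The controls described in the two paragraphs above (credentials required, lockout after repeated failed logins, no second session from a different location, and an audit trail to monitor) as one small access gate. This is an added example, not code from the original article or from Compliance Clinic; the three-attempt limit and 15-minute lockout are constructed policy values, not HIPAA-mandated numbers.

```python
# Access-control gate for the controls listed above: credentials required, lockout after
# repeated failures, one active session per account, and an audit trail to monitor.
# Added example; MAX_FAILED and LOCKOUT_SECONDS are constructed policy values.
import hashlib
import hmac
import os
from dataclasses import dataclass

MAX_FAILED = 3             # assumption: lock after 3 consecutive bad passwords
LOCKOUT_SECONDS = 15 * 60  # assumption: keep the account locked for 15 minutes

def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so a stolen credential store is not directly usable.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    failed: int = 0             # consecutive failed attempts
    locked_until: float = 0.0   # epoch seconds; 0 means not locked
    session_location: str = ""  # where the active session was opened, if any

class AccessGate:
    def __init__(self) -> None:
        self.accounts: dict = {}
        self.audit: list = []  # (time, user, location, event) records for monitoring
    def register(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self.accounts[user] = Account(salt, hash_password(password, salt))
    def _log(self, now: float, user: str, location: str, event: str) -> str:
        self.audit.append((now, user, location, event))
        return event
    def login(self, user: str, password: str, location: str, now: float) -> str:
        acct = self.accounts.get(user)
        if acct is None:
            return self._log(now, user, location, "DENY_UNKNOWN_USER")
        if now < acct.locked_until:
            return self._log(now, user, location, "DENY_LOCKED")
        if not hmac.compare_digest(hash_password(password, acct.salt), acct.pw_hash):
            acct.failed += 1
            if acct.failed >= MAX_FAILED:
                acct.locked_until = now + LOCKOUT_SECONDS
                return self._log(now, user, location, "LOCKOUT")
            return self._log(now, user, location, "DENY_BAD_PASSWORD")
        if acct.session_location and acct.session_location != location:
            return self._log(now, user, location, "DENY_CONCURRENT_SESSION")
        acct.failed, acct.session_location = 0, location
        return self._log(now, user, location, "LOGIN_OK")
    def review(self) -> list:
        # Monitoring view: the audit events a security owner should follow up on.
        return [e for e in self.audit if e[3] in ("LOCKOUT", "DENY_CONCURRENT_SESSION")]
```

The `review()` list is the "monitor continuously" step: a lockout or a refused second session is the kind of event the risk management process should examine and act on.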

Before you go…

Risk management is an ongoing concern for organizations like yours. With the right procedures in place, HIPAA violations can be kept to a minimum. Our company specializes in helping you take the steps that keep your organization in compliance at all times. Give us a call today to learn more about HIPAA compliance and what you need to do to stay current.

Have You Fallen Victim to this HIPAA Violation?

HIPAA violations are a serious issue that cost companies a great deal of money every year. Avoiding a violation seems easy enough: keep your information secure. But it may not be that simple. There are situations where having the right intentions can still cause you to accidentally create a violation. Over the next few articles, we're going into detail on the most common examples of HIPAA violations. Our first example: Business Associate related violations.


HIPAA and Ransomware…How Do You Protect Yourself?

The internet has become a breeding ground for new kinds of attacks. The newest one to grace our presence is ransomware. What exactly is ransomware? It can be defined simply as malicious software that demands a sum of money be paid before it is removed. Several large companies have fallen victim to this damaging attack.


Document Management Can Be Your Ticket to HIPAA Compliance!

If you’ve been following our blog this year, you understand how important it is to keep your patients’ information safe. The best way to keep everything secure is to use an electronic or computer-based system. But over the years, poor document management solutions have created more issues than they have solved. In this article, I’m going to share what you can do to safeguard your electronic records while keeping them HIPAA compliant and within the HITECH parameters.


Are You At Risk For a HIPAA Violation Penalty?

Ever since HIPAA went into effect in 1996, healthcare providers have sought different ways to protect themselves against potential violations. Although most violations can be easily corrected, the penalties and fines can cost you a great deal of money and can include jail time. If you work with patients and handle their protected information, keep reading to learn what common factors lead to HIPAA violations, what the penalties are for a violation, and how you can protect yourself.


What is the Role of a Risk Survey

Under HIPAA, there are two broadly-defined Rules which apply to covered entities and business associates. The first is the Privacy Rule that governs sharing information between covered entities and business associates. The second is the Security Rule, which governs security against unauthorized access to protected health information (PHI).


Expanded HIPAA Audits in 2017

Many private practice owners' eyes glaze over when anyone speaks to them about HIPAA, HITECH, compliance, or any combination of the three. Audits of covered entities have grown since HIPAA was first passed, and have increased significantly since 2014 due, in no small part, to several highly publicized data breaches. While many small practice owners believe themselves immune to the OCR's scrutiny, the landscape will change in 2017.


New Feature: Secure Cloud Storage

We're proud to announce a new feature has been released. All Partner accounts now include up to 1 GB of secure storage for additional documentation. Now, your organization can keep all your audit-related documents in a single, secure location. We will continue to archive your service providers' annual risk surveys and signed Business Associate Agreements, but you can upload additional documents you may need. And we won't count the documents we generate against your quota. Start your free trial and manage your HIPAA compliance.


What is a Business Associate?

Under HIPAA, all covered entities are responsible for their business associates’ compliance status. We’ve already made reference to two classifications HIPAA recognizes, but what’s the difference? What is a covered entity and a business associate? Read on to find out more about how these two classifications are covered under HIPAA.


Are You Vulnerable?

In the event of an audit, will you pass with flying colors? If you don't have signed Business Associate Agreements and updated Risk Assessments, you may be forced to pay large fines for violating HIPAA security and/or privacy rules.


Annual Risk

Partner accounts invite their service providers to sign up for a free account and complete a risk survey. Surveys are completed online and retained for download by both parties in the event of an audit.

Service Provider Agreements

Compliance Clinic provides you with a HIPAA-compliant agreement which your Business Associates electronically sign. Automated reminders let them know it's time to renew the agreement.


Associate Pre-Screening

Invite potential Business Associates before services are provided so that you can assess the risks a new business relationship may introduce before potentially exposing protected health information.


Cloud Based Solutions

Compliance Clinic is cloud-based, with no additional software to install, and offers a hassle-free alternative to managing your service providers on your own networks. We give you the time to do what you do best.