How to Prevent a HIPAA Breach


January 18, 2021

HIPAA (Healthcare Insurance Portability and Accountability Act) is not new. First proposed in 1996, the law was created to protect employees’ health insurance coverage between jobs, to combat waste and fraud by health agencies, and to begin the process of computerizing patient records. In 2013, policies and procedures were enacted to enforce the HIPAA, and to outline the costs of a HIPAA breach. These regulations broadly cover three categories:

  • Physical: Physical access to data storage
  • Technical: Protecting the transmission of PHI
  • Administrative: The outline of procedures that entities must follow to comply with HIPAA

The Enforcement Rule passed in 2006, giving HIPAA the power to investigate potential breaches via HIPAA violation reporting and to fine, and even criminally charge, individuals and organizations not complying.

What is Considered a Breach of HIPAA?

There are many things that will lead to HIPAA violations, but here are a few of the more common ones:

  • Unauthorized access of PHI
  • Failure to conduct risk analysis
  • Lack of safeguards to protect confidentiality of PHI
  • Failure to have HIPAA-compliant business associate agreements with vendors with access to PHI
  • Improper disposal of PHI, including keeping it when it is no longer needed
  • Failure to maintain and monitor PHI access logs
  • Lack of HIPAA training and cybersecurity awareness training
  • Mishandling PHI including texting it and posting it online
  • Not allowing patients to access their PHI
  • Failure to use encryption or other protective measures when transmitting or storing PHI
  • Failure to follow HIPAA violation reporting guidelines, including notifications of a HIPAA breach
  • Failure to document HIPAA compliance efforts

Now that telehealth and remote work have become acceptable ways for organizations to continue to see and treat patients, HIPAA compliance has become even more complicated.

How Can My Organization Prevent a HIPAA Breach?

There are common sense ways you can help protect your healthcare organization from a HIPAA breach, including:

1. Data Encryption is Key to Prevent HIPAA Breach

End-to-end data encryption is a key component to protecting PHI, both in storage and at rest. While the Federal rules don’t require encryption, many states do.

2. Rigorous Firewall and Antivirus

A bad actor can’t use information s/he can’t access, and a good way to keep PHI safe is layering a rigorous firewall, antivirus, and email filter. The best choices in cybersecurity tools will be fueled by AI technology.

3. Cybersecurity Awareness Training

Teaching your staff to be your cybersecurity frontline will help them recognize, and avoid, phishing attempts, malware, spoofing, and ransomware (among others). It will also allow you to introduce a HIPAA-specific Acceptable Use Policy, providing guidance for using device, accessing your network, and what sites can be used while on your network or a work-issued device.

4. Dispose of PHI Documents Safely

Make sure you hire a paper-shredding agency, or put your own documents through a shredder to make sure all outdated PHI is permanently destroyed and disposed of in a safe way. A paper-shredding agency will provide receipts as proof that the records were shredded appropriately lower your organization’s liability in the face of a potential HIPAA breach.

5.  Business Associate Agreements

In other industries, this would be referred to as third-party vendor management. HIPAA has taken the concept and tightened down requirements to ensure that every business that has access to PHI is also compliant with HIPAA.

6. Keep PHI Private

Your staff must be educated to understand that it is never ok to post PHI on social media, to gossip about patients, or to text identifiable patient information. An identity access and management platform is an important way to ensure that PHI is limited to the staff who needs it to perform their job duties.

7. Device Mismanagement

Now that so much work can be done remotely, employees must be more careful than ever with the devices they use to access your network. Some commonsense device security features would be:

Integris, a HIPAA Compliant Industry Leader, has you Covered

Integris has the HIPAA seal of compliance and the knowledge our healthcare and dental practices need to stay safe and free from a HIPAA breach. Contact us now for a free, no obligation consultation and learn how Integris can keep your HIPAA compliancy stress free so you can focus on what is most important: your patients.

Want to assess your own HIPAA compliancy? Download this free, no risk, no obligation HIPAA telecommuting policy and make sure your organization is staying HIPAA compliant and protected from a HIPAA breach, even while working remotely.

HIPAA Telecommuting Policy
We're Integris. We're always working to empower people through technology.

Keep reading

Bridging the Gap between Automation and Innovation

Bridging the Gap between Automation and Innovation

Automation and Innovation. Some people might say those two words cancel each other out. Yet, I believe these two concepts can create capacity for each other—if your business leverages the free time automation creates to foster innovation. Automation can be...

Why Is My Laptop Draining So Fast?

Why Is My Laptop Draining So Fast?

Before You Replace Your Laptop Battery, Try These Fixes First Stuck with a laptop that’s running out way before it’s standard 8-10 hours of run time? Don't throw it out just yet.  Try these quick fixes to extend its life: Reduce your screen brightness If possible,...