7 Ways Employees Can Help Prevent HIPAA Violations

Several aspects of working in healthcare are much the same as in careers in other industries. You need to come to work on time, work hard while clocked in, get along with the other staff members, be a good representative of your company and so on.

But there’s at least one aspect of working in healthcare that most other industries don’t need to worry about: violating the HIPAA Privacy Rule or Security Rule.

When a single employee’s actions result in a HIPAA violation, it not only results in major consequences for that individual, but also jeopardizes the entire organization.

If an employee or workforce member commits a common HIPAA violation, even in the most innocent way, the entire organization faces the threat of severe penalties, both financial and reputational.

Healthcare workers are on the frontlines of patient communication and information handling, so understanding the key ways to prevent potentially disastrous violations is critical. Here are seven ways healthcare employees can help avoid HIPAA violations.

Preventing HIPAA Violations

1. Be educated and continually informed

The first way to ensure staff members aren’t violating HIPAA is to educate each employee on HIPAA regulations and to inform them whenever those regulations change or new information about them is released.

Everyone should also be told what penalties they and your workplace will face if compliance isn’t maintained by all.

Hold in-office training to teach employees all they need to know about HIPAA privacy and security regulations and to answer any questions they might have. You or your HIPAA privacy office can conduct this training, or if you use HIPAA security software, many programs offer training courses and seminars for your office.

Take the necessary time to keep staff members knowledgeable of the HIPAA regulations and device standards they must follow to keep themselves and your organization HIPAA compliant. Education will take time, but it’s your best asset, so make the time to do it.

2. Maintain possession of mobile devices

The most common HIPAA violation today is the loss or theft of mobile devices that store patient health information.

Covered entities and business associates must keep their mobile devices secure and out of the wrong hands, so if an employee accidentally loses a laptop or work tablet, or leaves it unattended and it gets stolen, your business pays for that mistake. Continually remind employees to be aware of where mobile devices are at all times and to shut them down and lock them up when they’re not using them.


3. Enable encryption and firewalls

Your next defense with mobile devices is enabling encryption, firewalls and secure user authentication on every device. Some apps and software programs can also remotely lock or wipe a device (i.e., reset it to factory defaults, erasing all apps and data). This is your backup plan if a work device is lost or stolen.

Again, stress to employees handling these devices the importance of maintaining possession of them, keeping encryption and firewalls up to date, and keeping user authentication hard to crack.

Accidents happen, but sometimes employees are just cavalier, so to help your employees and yourself remain HIPAA compliant, enable these security precautions on each mobile device your business has and lends out for employee use.

4. Double-check that files are correctly stored

Handling paper and electronic files is a tricky business. Misfiling a patient’s paperwork in a cabinet or saving it on the wrong computer drive or network is a costly mistake.

Many employees fall victim to this because they’re distracted while filing. Constantly remind employees who deal with patient files to focus on what they’re doing and double-check that they properly store and save files in the right folders and drives.

5. Properly dispose of paper files

Again, this is a human error problem. Too many of these cases have occurred because employees forgot or chose not to shred paper files before throwing them away.

An employee could be having a bad or busy day, or be easily distracted by other employees, and as a result overlook shredding papers with PHI on them.

The best way to avoid this problem and keep employees from violating HIPAA is to switch to an electronic filing system. If you still prefer paper files, make sure staff members double- and triple-check that they properly dispose of all paper files.


6. Keep anything with patient information out of the public’s eye

A minor way your company and its staff could be in violation of HIPAA laws is by having patient information in plain view to anyone who comes into your establishment. You can avoid falling victim to this small but careless mistake by:

  • Keeping patient folders closed
  • Not openly displaying appointment calendars in patient areas
  • Keeping your computer monitors and mobile device screens hidden from patients and visitors

We found one hospital displaying their patients’ X-rays on a wall-mounted, big-screen TV next to the nurse’s workstation area where other patients walk by. Tell the staff to be mindful of these things and, if they notice something out of place, to quickly take care of it before unauthorized eyes see it. Get everyone in the habit of keeping concealed the information that needs to be.

7. Use social media wisely

Last but not least, express to employees just how crucial it is to use social media wisely.

The way we communicate with each other has changed. Now, many people spend more time messaging on Facebook, sending Tweets and sharing how their day is going via a collage of pictures on Instagram.

Social media usage has increased the likelihood of employees violating HIPAA. The safest way to keep employees and the company HIPAA compliant is a company rule not to post any text or pictures about what goes on in the workplace on social media or even on personal blogs.

Your organization or business could be severely fined for neglectfully hiring, training and/or supervising an employee if he or she posts something sensitive, even if it is by accident or he or she only shares a small tidbit of a situation that doesn’t include any names. Employees and businesses must be extremely careful when dealing with social media.

Help Your Employees Stay HIPAA Compliant Today

In order for your organization to remain HIPAA compliant, each employee must be HIPAA compliant. By educating, informing and training employees on what HIPAA regulations they must follow and the consequences they’ll face from being non-compliant, as well as reminding them to be smart and use common sense, employees can actually help prevent HIPAA violations from happening.