HIPAA violations caused by ransomware and other cybersecurity incidents have been in the news a lot lately. So would it surprise you to know that, of the most common HIPAA violations, none of them involve ransomware or other malware? In this two-part blog series, we will break down the 10 most common HIPAA violations:
Employees Sharing ePHI: One of the most common HIPAA violations occurs when an employee gossips to friends, family, or coworkers about patients. According to HIPAA, employees must be aware of their environment and try to constrain conversations containing patient ePHI to private places and avoid sharing patient information with anyone outside the practice.
Mishandling Medical Records: If a practice uses paper patient records, nurses and physicians may accidentally leave a chart somewhere it can be seen by other patients. Printed medical records must be kept secure and locked away out of the public's view.
Lost or Stolen Devices: This common HIPAA violation is probably the one you see in the news most. Theft of ePHI through lost or stolen laptops, smartphones, or other devices containing patient information can result in HIPAA fines. Any device containing patient information should have the necessary safeguards in place, including password protection and disk encryption.
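The safeguard named above only helps if the disk holding patient data is actually encrypted, and on a Linux laptop that is easy to verify from the block-device tree that `lsblk` reports. The following is an added example, not code from the original post: it parses the JSON that `lsblk -J -o NAME,TYPE,MOUNTPOINT` emits and reports whether each mount point of interest sits on top of a dm-crypt (`crypt`) layer. The two embedded device trees are constructed samples (an LVM-on-LUKS layout and a plain unencrypted layout); the `/var` target and the helper names are choices made for this example.

```python
import json
import subprocess

# Constructed sample of `lsblk -J -o NAME,TYPE,MOUNTPOINT`: root and /home are LVM volumes
# inside a LUKS container, while /boot is a plain partition (normal for a boot loader).
SAMPLE_ENCRYPTED = json.loads("""
{"blockdevices": [
  {"name": "nvme0n1", "type": "disk", "mountpoint": null, "children": [
    {"name": "nvme0n1p1", "type": "part", "mountpoint": "/boot"},
    {"name": "nvme0n1p2", "type": "part", "mountpoint": null, "children": [
      {"name": "luks-example", "type": "crypt", "mountpoint": null, "children": [
        {"name": "vg0-root", "type": "lvm", "mountpoint": "/"},
        {"name": "vg0-home", "type": "lvm", "mountpoint": "/home"}
      ]}
    ]}
  ]}
]}
""")

# Constructed sample of a laptop with no encryption at all: every mount is a bare partition.
SAMPLE_PLAIN = json.loads("""
{"blockdevices": [
  {"name": "sda", "type": "disk", "mountpoint": null, "children": [
    {"name": "sda1", "type": "part", "mountpoint": "/"},
    {"name": "sda2", "type": "part", "mountpoint": "/home"}
  ]}
]}
""")


def _mountpoints(node):
    # Older lsblk emits "mountpoint" (string or null); newer releases emit "mountpoints" (list).
    mps = node.get("mountpoints")
    if mps is None:
        mps = [node.get("mountpoint")]
    return [m for m in mps if m]


def _walk(nodes, chain):
    # Yield every node together with its ancestor chain (disk -> part -> crypt -> lvm ...).
    for node in nodes:
        path = chain + [node]
        yield path
        yield from _walk(node.get("children", []), path)


def mount_is_encrypted(tree, target):
    """True if the device behind `target` has a dm-crypt layer anywhere beneath it,
    False if it is mounted on a plain device, None if `target` is not mounted at all."""
    for path in _walk(tree["blockdevices"], []):
        if target in _mountpoints(path[-1]):
            return any(n.get("type") == "crypt" for n in path)
    return None


def unencrypted_mounts(tree, targets=("/", "/home", "/var")):
    """Mount points that are present but not encrypted; an empty list means the check passes."""
    return [t for t in targets if mount_is_encrypted(tree, t) is False]


def live_tree():
    # Query the running system; requires util-linux's lsblk with JSON support.
    out = subprocess.run(
        ["lsblk", "-J", "-o", "NAME,TYPE,MOUNTPOINT"],
        capture_output=True, text=True, check=True,
    ).stdout
    return json.loads(out)


if __name__ == "__main__":
    for label, tree in (("sample-encrypted", SAMPLE_ENCRYPTED), ("sample-plain", SAMPLE_PLAIN)):
        missing = unencrypted_mounts(tree)
        print(f"{label}: {'OK' if not missing else 'UNENCRYPTED ' + ', '.join(missing)}")
    try:
        print("this host:", unencrypted_mounts(live_tree()) or "OK")
    except (FileNotFoundError, subprocess.CalledProcessError):
        print("this host: lsblk not available")
```

Run against a fleet of clinic laptops, a non-empty result from `unencrypted_mounts` is the finding to act on; the check deliberately treats `/boot` as out of scope because it holds no patient data, and reports a target as `None` rather than failing when it is not a separate mount.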
Texting Patient Information: Physicians and other healthcare organization workers should not text patient vital sign information to each other unless a secure messaging platform is being used.
Social Media: It is a HIPAA violation to share patient information, including photos, on social media. It may not seem like a violation if the patient's name is not mentioned; however, someone may still recognize the patient, which is a breach of patient privacy.