HIPAA violations due to ransomware and other cybersecurity have been in the new a lot lately. So would it surprise you to know that of the most common HIPAA violations, none of them involve ransomware or malicious malware? In the second part of this two-part blog series, we discuss another five common HIPAA violations:

Illegal Access to Patient Files: If a healthcare organization’s employee accesses patient information when they are not authorized to, no matter the reason, this results in a HIPAA breach. If an employee uses or sells PHI for personal gain, the employee could be subject to fines and/or prison time.

Social Breaches: HIPAA breaches also occur in social settings. If a patient isn’t aware of the laws surrounding HIPAA and patient privacy, it is possible they will ask a question of a fellow patient or doctor regarding someone’s care which technically violates HIPAA. Clinicians should try to formulate answers that do not release private patient information.

Written Consent: Most healthcare organizations provide patients with an authorization form asking the patient who they can speak to about their care. Before releasing any information about a patient, the health organization should reference the patient’s signed authorization form.

Remote Access: Many physicians and other clinicians access the organization’s network and patient data from home or other remote locations after hours in order to complete their job tasks. Remote access to patient data can lead to a HIPAA violation if screens are left on and are visible to the people around them. No matter the workstation or smartphone used to access patient information, at a minimum it should be password protected and extra care should be taken to make sure any unauthorized persons can’t see or access patient data.

Lack of Training: One of the most common reasons for a HIPAA violation, is simply a lack of knowledge regarding HIPAA. A healthcare organization should make HIPAA training a priority for everyone working at the organization including doctors, staff, and administrators.