Each and every day your practice is at risk of HIPAA violations even when you think you and your staff are following all of the rules. It can be easy to brush off certain protocals every now and then that can put your optometry software and information at risk. If you and your staff aren't taking the right precautions, you could be at risk for heavy HIPAA violation fines.
It's a good idea to keep open lines of communication with your staff about HIPAA compliance so that they know you are series about enforcing policies, and so they are comfortable asking questions and making suggestions when it comes to the processes in place in your practice.
Common Optometry Software HIPAA Violations and How to Avoid Them
1. Violation: Downloading patient information on an unsecure device
If your practice is using cloud-based EHR you have the flexibility of accessing your system from any device with an Internet connection, but that doesn't always mean that you should. Make sure that devices you're using are secured for accessing your patient's information. If you're accessing information outside of the office you need to be using a secure WI-FI network as well.
2. Violation: Sharing log ins and passwords between staff 
It should be a mandatory requirement in your practice for all staff to use their own log in and password information. Better yet, make it a requirement for your staff to change their passwords every 90 days.
3. Violation: Leaving a logged in computer unattended
Avoiding this HIPAA issue is just a matter of making it a habit of logging out of your system when you walk away from a device. Chances are you can also change the settings in your EHR software or device to automatically log out after a certain amount of time when not in use.
4. Violation: Leaving charts in view of wandering eyes
Your front desk area is the biggest trap for patient information being visible to others. If you're still working with paper charts, get your front desk staff in the habit of filing patient info as soon as they are done with it, and even if they aren't finished they shouldn't be leaving it out on their desk. If you're doing everything on the computer, screen protectors are an easy way to prevent information from being seen.
5. Violation: Incorrectly disposing of information
Whether it's digital or paper, all patient information needs to be destroyed of properly. Wiping any hard drives from devices (including things like your photocopier), and shredding all paper files are necessary steps to take. Placing signs near trash cans and shredding stations can be an easy way to remind your staff of proper disposal.
6. Violation: Lack of employee training and enforced compliance
Anyone who comes in contact with patient information needs to be knowledgeable of the HIPAA policies in place in your practice. This includes any contractors or volunteers you may have helping in your practice. As the OD or practice owner it's your responsibility to enforce compliance and show your staff the importance of staying on top of patient security.
7. Violation: Disclosing patient information without authorization
Before disclosing any patient information they must give consent on a patient authorization form. Forms need to be filled out fully with legal name, information allowed to be disclosed, and date of authorization. It's important not to let patients skip any of the HIPAA paperwork because they are in a hurry or your schedule is running behind.
For future tips on keeping your practice safe and secure, subscribe to the blog.
