Most Common HIPAA Violations To Know

Updated on February 11, 2021

Even if the medical office in which you work is yours, you won’t be the only one who has access to private data. It’s imperative that your employees understand the seriousness of holding medical records and the lawful duties attached to their positions. Ensuring that your staff is trustworthy and properly trained will help your office recognize and avoid the most common HIPAA violations.


Medical practices need to protect themselves against hacking whenever possible. Though it seems like something that would only happen in a movie, there are people who want to acquire others’ medical records with malicious intent. You don’t want to be the source of a breach of someone’s private information. Be sure to keep antivirus software updated and active on devices that contain medical ePHI (electronic protected health information). Additionally, create difficult and unique passwords that vary depending on the device, and change them frequently to prevent hacking.

Theft of Devices

It’s crucial that you safely store devices containing patients’ ePHI. If possible, the data should also be encrypted. At the very least, all devices need passwords, but without encryption, the information is still vulnerable. Encryption adds a layer of security to prevent the sharing of private information with the wrong individuals. Data encryption isn’t a strict HIPAA requirement, but if a device is stolen, you’ll have put extra barriers between patient information and the thief’s eyes.

Improper Disposal

When keeping paper medical records secure, you’ll have to consider the way you store them first and foremost. You need to lock away any physically accessible records that your office retains. Avoid keeping too much information on paper altogether if possible. This is a likely way for a breach to occur. Moreover, you should destroy old documents immediately. Filling a “to be shredded” box with highly sensitive patient data is an absolute mistake. Shredding should be done immediately, and it’s best to use a crosscut machine over a strip-shredding machine to ensure the pieces can’t be rejoined.

Knowing the most common HIPAA violations is essential so that you can take the necessary precautions and establish training and protocols. Don’t leave your business vulnerable by failing to work toward privacy breach prevention ahead of time.