by Jesse Collier

We know you want to follow HIPAA compliance privacy laws to a tee. Your patients’ privacy means a lot to you, and you have no intention of breaking laws to spread their personal health information to unauthorized people. Unfortunately, information can get lost or unintentionally shared. Even if you believe you are HIPAA compliant, there is a very real risk that you may be violating privacy laws. Thankfully, we can help with that. Exym EHR software is very secure and ensures your mental health organization meets all HIPAA compliance rules.

The 4 Main HIPAA Compliance Rules

HIPAA violations are very serious. In fact, you could get fined or face criminal charges if you do not follow the rules. Therefore, let’s review the four primary rules of HIPAA:

  • Breach Notification Rule: If you are aware of a data breach in your system, your organization must notify the affected individuals within 60 days of the breach.
  • Privacy Rule: The information you gather about a patient cannot be shared with anyone without the patient giving you permission to share it and/or being aware that you are sharing the information with someone else. For example, you cannot share a patient’s file with a member of their family unless that patient knows about it and gives you permission to do it.
  • Omnibus Rule: Patients have the legal right to access their own health file.
  • Security Rule: Organizations must have strict measures to protect their patients’ private information. This includes (but is not limited to) digital security, such as antivirus software and encrypted passwords; physical security, such as security cameras on the premises and enforced offices; and administrative systems, such as Exym.

8 Ways You Could Be Violating HIPAA Privacy Laws

No doubt you are already very conscientious about your patients’ privacy rights. However, you may be unwittingly violating HIPAA laws. To help you assess your risk, below we review eight examples of HIPAA violations. These are not the only violations that are possible, but they are very real examples of ways organizations just like yours could get into serious trouble with the law.

1. You’re indiscreet with paper files.

It is easy to leave paper files around the office in highly trafficked areas. However, any paper files that contain sensitive information about your patients must be handled with discretion. For example, if you take a paper file out of the file cabinet and lay it on a table or desk, it is possible that unauthorized people can gain access to it. This is a violation of HIPAA’s privacy rule and security rule. Additionally, if you dispose of the paper file without shredding it, you are again leaving it open to unauthorized access.

What’s the best way to avoid this violation? Go paperless by switching to an EHR software system like Exym. A secure, cloud-based system ensures that only authorized people can access your patients’ information.

2. You use a digital communications service that is not HIPAA compliant.

Since the pandemic, telehealth communications have become a very popular and convenient way for patients to communicate with health professionals. Unfortunately, not all communications services are HIPAA compliant. For example, if you are using Skype, FaceTime, or another non-compliant service to conduct your telehealth communications, you are in violation of HIPAA’s security rule.

To keep your telehealth communications up-to-date with HIPAA compliance laws, use Exym’s telehealth feature, which is powered by Zoom. This is a secure, HIPAA-compliant communications service.

3. You are sending unencrypted emails.

Are the emails your organization is sending encrypted? Some popular email providers do not provide encryption services at all, while others encrypt messages in transit but store them in plain text on their servers. All emails carrying sensitive information must be encrypted to meet HIPAA requirements.

4. Your signatures are illegible.

If you have signed paperwork containing an illegible signature, you are in violation of HIPAA security laws. Signatures can be handwritten or electronic, but if they are illegible, they must be accompanied by a printed name.

5. You have sent emails to the wrong patient.

It is very easy to send an email containing sensitive information to the wrong email address. Therefore, make sure your staff is trained to double-check (maybe even triple-check) the recipient of the email.

6. Your employees have access to unnecessary information.

It is common for mental health organizations to give their employees access to all the data in the system. Most likely, your employees do not need access to all the data and files. They should only have access to the files that pertain directly to their jobs. In fact, it is a security risk to allow employees to have too much access to patients’ private information.

Ensure employees can only see the files they need. Do this by setting up an authorization system that gives specific permissions to certain employees. An EHR software system like Exym makes this easy to do.

7. Your office lacks protection against theft, phishing, and hacking.

HIPAA’s security rule states that your organization must have strict measures to protect your patients’ private information. Therefore, the physical security of your premises is very important. Only give keys to employees who absolutely need them, and install security cameras to keep a constant eye on your offices. The digital security of your information is vital, too. All your computers, apps, and other logins must have strong, encrypted passwords. You should also install antivirus software to prevent breaches.

8. You have waiting room indiscretions.

This last violation is common, dangerous, and can easily go undetected. The waiting room is one place where private patient information is often revealed. For example, a patient’s name can be heard in the waiting room. Or an employee may say a patient’s diagnosis out loud when other people are present. You may even have a bulletin board or chalkboard in view of your waiting room that lists the day’s patients. Staff must be aware of what they are allowed to say in the waiting room, and what they should only say in the privacy of an office or examination room.
What Can I Do to Ensure HIPAA Compliance?

Be better informed about HIPAA privacy laws and how your organization can meet them. Fill out the form below to download a HIPAA compliance checklist. Use the list to ensure your organization is fully compliant, so you don’t unintentionally violate any laws. Filling out the form will also add you to the Exym mailing list. You’ll receive helpful information from the EHR software system that is dedicated to giving you secure, functional abilities that allow you to provide the best care to your patients.