If you are a fully trained HIPAA professional whose day-to-day existence revolves around maintaining compliance, this post is not for you. If, on the other hand, you are a busy member of staff at a doctor's office or other smaller medical facility, it probably is, since even after all these years there is still a huge amount of confusion about what does and does not constitute a HIPAA violation. Here are some of the most common myths about HIPAA compliance that are heard in medical facilities across the country over and over again:
HIPAA only regulates electronically transmitted data – Oh, if only it were so; the life of a HIPAA compliance officer (and anyone else in the medical field) would be so much easier. But no, HIPAA applies to all forms of communication: written, verbal, and any form of electronic transmission, including personal e-mail notes and social networking posts.
If improperly released information is not exploited, there is no violation of the law – In many of the cases of improperly released PI that have hit the headlines over the last several years, no one had any way of telling how, or even if, patient data had been exploited after the release of information, but the organizations involved still got hit with the big fines and penalties. It is the act of improperly releasing the information that is the violation.
Dentists, optometrists, nurses, and pharmacists are exempted from HIPAA regulations – We actually heard this one – from an individual employed in one of the aforementioned professions – and were flabbergasted. HIPAA governs anyone and everyone who creates or handles patient records – right down to the high school kid who works part time filing charts. Hopefully the professional who was under this misguided impression has now taken a serious crash course in HIPAA compliance.
Little HIPAA violations don’t matter, no one will ever find out – This is unfortunately the mentality of many employees in smaller medical offices. In fact, though, all it takes is one patient complaint and the whole office will be under serious scrutiny. And just as a reminder, the maximum fines and penalties for failure to comply with the HIPAA laws are $250,000 and 10 years imprisonment. Not to mention the damage that the inevitable resulting bad publicity will do to any practice in both the short and the long term.