HIPAA pitfalls at physician practices

Written by Reed Tinsley | April 10, 2009

Reproduced from [name of publication] © 2008 HCPro, Inc., 200 Hoods Lane, Marblehead, MA 01945. 781/639-1872. www.hcpro.com. Used with permission.

The following lists the following common HIPAA violations seen regularly in physician offices. Check your practice against this list to see if your staff commits the same common violations, and if so, address these problems in advance during training:

  • Not providing the notice of privacy practices (NPP), even though they require patients to sign a statement indicating they had been provided with, and read, the NPP.
  • Not having documented internal information security and privacy policies for staff members to follow.
  • Exposing PHI to anyone within the office facilities (e.g., patient file folders left out on the check-in desk unattended, patient file folders left in the wall pockets outside examination rooms with health information facing out and visible, etc.)
  • Healthcare workers calling out the full names of patients in the waiting room or in front of other patients.
  • Not obtaining consent from patients to film them and then use the video, or to tape audio with them for marketing purposes.
  • Selling prescription information to marketing and pharmaceutical companies, often as an additional revenue stream.
  • Not providing any training or ongoing awareness communications, or providing training just once, and never again.
  • Insecure disposal of PHI, such as unshredded into open and publicly available trash bins, into the trash dumpster behind the office building, etc.
  • Not documenting or retaining information about PHI changes and access for the required six years.

About the Author

Reed Tinsley CPA

This article is written by Reed Tinsley, a Houston, TX-based CPA with over 30 years of experience advising physicians and medical practices across Texas and the United States. Reed holds certifications as a Certified Valuation Analyst (CVA), Certified Healthcare Business Consultant (CHBC), and Certified Financial Planner (CFP), specializing exclusively in the healthcare sector. He is a published author, nationally recognized speaker, and trusted advisor to physicians on accounting & tax, practice management, and financial planning. Schedule a Free Consultation.

Have questions? I’m here to help.