Steps You Can Take to Avoid HIPAA Violations


HIPAA, the Health Insurance Portability and Accountability Act, requires covered entities (health care providers, health plans and clearinghouses) and their business associates to protect patients' health information. The Privacy Rule governs how protected health information may be used and disclosed, and the Security Rule sets the administrative, physical and technical safeguards for that information in electronic form. Though the process may seem daunting, taking the proper steps is actually quite simple.

Businesses regularly deal with violations of the HIPAA Privacy rule. According to the U.S. Department of Health and Human Services, around 91,000 complaints of HIPAA violations were filed between 2003 and 2013. Data show that the majority of the complaints originate from physical theft of data, followed by disclosure of data without patient authorization, and losing data.

Civil penalties for HIPAA violations are tiered by level of culpability and can reach $50,000 per violation. US Bio-Clean offers expert consulting services to help businesses deal with HIPAA.

Businesses can easily avoid the majority of HIPAA violations by following a few basic procedures.

Limit Access to Important Areas

In rooms where medical data is stored, access must be limited to certain personnel only. Areas that fall into this category will include those that house any computers, intranet servers, data centers and archives. Restricting access will reduce the risk of physical theft of data.

Improving physical security in the workplace can spare employers from potential issues. Fitting locking doors to close off important areas is the basic method of limiting access; badge readers or biometric locks can be added for further protection. Whatever the mechanism, keep a record of who holds keys or credentials and revoke them promptly when staff leave or change roles.

Ensure Timely Responses to Patients’ Requests for Personal Data

Long response times to requests for access to personal information are among the most common HIPAA complaints. This is a problem in many businesses because of outsourcing, inadequate staffing or lack of training. The Privacy Rule requires a covered entity to act on a patient's request for access to their medical records within 30 days of receiving it. A single 30-day extension is allowed, but only if the patient is given written notice within the original 30 days stating the reason for the delay and the date by which the records will be provided.

Training or re-training employees on procedures can rectify the issue. Businesses that outsource the handling of medical records remain responsible for meeting the deadline, so they must either require faster turnaround from the vendor under the business associate agreement or change providers.

Regularly Review and Improve Security Procedures

Keeping one step ahead of attackers is an effective way of preventing HIPAA violations. Attackers tend to pick the easiest target; a business with robust security is less likely to suffer a breach.

Risk assessment remains the best method to identify vulnerabilities, and the Security Rule requires covered entities to perform one. Examine security procedures such as identity verification and encryption of data, and make improvements where necessary. Encryption of laptops and mobile devices deserves particular attention: under HHS guidance, a lost or stolen device whose data is properly encrypted does not count as a breach of unsecured protected health information and does not trigger breach notification, whereas an unencrypted one does. Keep systems and security software patched, require strong, unique passwords, and change credentials whenever compromise is suspected or a staff member leaves (current NIST guidance no longer recommends rotating passwords on a fixed schedule). Install and maintain remote wiping/disabling on mobile devices so you can erase or lock a device if it is lost or stolen.

Regularly Update Contingency and Incident Response Plans

Breaches of data can occur despite the best efforts to boost security. To stay prepared, keep a contingency plan and review it at least twice a year. Keep logs of data breaches and any related incidents. In addition, have written procedures for notifying affected patients in case of a breach of their personal information; the Breach Notification Rule requires notice without unreasonable delay and no later than 60 days after the breach is discovered.

Though not exactly preventive measures, contingency procedures can reduce the damage caused by a data breach. The Security Rule requires that security incidents and their outcomes be documented. Complete and regularly maintained logs can reduce your liability in case of a breach.

Train Your Employees

All of these steps are worthless if your employees are not trained to follow them. Set aside a few days every quarter to train employees, and treat any violation as a signal that more training is needed. Train all your employees in every aspect of security that touches their work.

Pay Attention to Security Because it Matters

Health information is valuable. In the wrong hands, it can be used to commit fraud: victims' personal information can be used for unauthorized purchases, or to gain access to bank accounts or Social Security benefits.

Maintaining proper security and data access procedures reduces the risk of HIPAA violations. These measures not only improve security but also improve the workplace, and sticking to them improves how the company is perceived. Business is better when people know that data from transactions and personal information is secure.
