Four Sneaky HIPAA Violations to Watch For

If your practice/company/firm has to deal with HIPAA related issues, we empathize with you. Preventing HIPAA violations requires both vigilance and diligence and is a major time-investment for business owners, CEOs, and your head of practice.

Advocate Health in Chicago recently was fined $5.5 million for several HIPAA violations, nearly all related to gaps in the healthcare IT and HIPAA security procedures. We’ve encountered HIPAA gaps with local-based firms as well, and there are four really common but very sneaky HIPAA-issues to watch out for:

Contractors and vendors having unauthorized access

This can be so frustrating because many businesses that fall under HIPAA often meet the requirements at some point but then as the business grows/changes over time, access may be inadvertently granted. We’ve seen phone vendors or security camera systems that have ports left open, for example. Another one is a remote access tool may have been used by a support vendor and left on the server.

Open Ports on Firewalls.

Not everyone dots every i—we’ve seen firewalls installed with unnecessary ports left open. Often this is due to the person/firm setting up the network using these openings to initially set it up and test it; but they forget to close the holes. Finding those openings and closing them down is a key to passing HIPAA compliance.

User Permissions and Shares

Too often users are granted inappropriate permissions such as admin-level access to shared files or shared folders or even shared drives. Oftentimes, users might have admin-level access to their own PC which can cause an inadvertent data breach. Knowing what level each of your users’ permissions should be, and holding to that structure, will keep your HIPAA compliance in the green; and keep your firm from the very real risk of losing “green” to HIPAA fines.

Insecure Data On Remote Devices.

Smartphones, tablets, using personal devices are commonplace in today’s mobile workplace. If your organization faces HIPAA rules, having data secured on remote devices will keep you from HIPAA audit trouble. Remote devices need secure remote access systems and data needs to be encrypted, including email especially if patient information might be transmitted. For example, having patient bills to be emailed to an unsecured remote device can violate HIPAA rules. There are easy-to-implement solutions, so don’t let these smaller devices cause you big headaches.

Having a thorough HIPAA compliance IT audit will show you where the weak-points are and how to fix them. IT systems used to be seen as only an isolated and, dare I say, “geeks-only” part of the day-to-day operations of healthcare-related firms. Today’s HIPAA compliance requirements puts your IT systems at the heart of your healthcare-related firm; and you need to check your IT pulse regularly to stay healthy.

If you deal with HIPAA compliance contact Groff Networks so we can help you be compliant.