Medical privacy is important on a personal level for patients. It is also critical for the statutory compliance of medical professionals and health care businesses. The Health Insurance Portability and Accountability Act (HIPAA) created very strict federal guidelines for medical privacy.
Those working in the medical sector can potentially violate HIPAA. Doing so can lead to personal consequences in the form of disciplinary action or licensing penalties for the professional involved. There may also be fines assessed that can range from over $100 to more than $2 million, depending on the circumstances. HIPAA violations are more common than people may realize, and the five mistakes below are among the most frequent violations reported.
1. Curiosity-based record access
People working at a medical facility might recognize a patient seeking care there. Perhaps they went to high school with someone they saw in the waiting room, or maybe they recognized a celebrity. In either case, they may attempt to access internal medical records not due to their involvement in providing care but to satiate their own curiosity. Such access is a violation of privacy rights and could lead to consequences if discovered.
2. Denying record access
One of the most important provisions of HIPAA allows a patient to obtain their medical records from a care provider. While facilities do have the right to charge a fee for copying or printing records, they cannot outright refuse to provide patients with their medical records because of their contents.
3. Inappropriate record sharing
Maybe the parents of a 20-year-old left incapacitated after a car crash want information about their child’s treatment and history. Perhaps another local medical professional has asked for imaging test results. Without the appropriate signed paperwork, outside parties generally have no right to access medical records, regardless of their professional status or relationship with the patient.
4. Failing to clarify policies
Generally speaking, medical facilities and health care providers must inform all new and existing patients of their policies regarding HIPAA and personal privacy. They should provide a printed copy of that policy or make it available electronically. Failing to do so can constitute a HIPAA violation.
5. Posting to social media
Social media marketing has become incredibly common, especially in dermatology and plastic surgery. What professionals share online could allow others to identify their patients in some cases. Doing so could lead to allegations of a HIPAA violation and substantial fines.
Establishing appropriate privacy policies and carefully complying with HIPAA are of the utmost importance for health care businesses and professionals. Health care professionals starting their own practice and those accused of HIPAA violations may require insight into the law. Seeking personalized legal guidance is a great way to get started.
