Monday, October 19, 2015

5 Common HIPAA Pitfalls

HIPAA Pitfalls at Physician Practices

The following is a list of common HIPAA violations seen regularly in physician offices. Check your practice against this list to see whether your staff commits the same violations, and if so, address these problems in advance:

  • Not providing the Notice of Privacy Practices (NPP), even though the practice requires patients to sign a statement indicating that they have been provided with, and have read, the NPP.
  • Not having documented internal information security and privacy policies for staff members to follow.
  • Exposing protected health information (PHI) to anyone within the office facilities, e.g., patient file folders left unattended on the check-in desk, or patient file folders left in the wall pockets outside examination rooms with health information facing out and visible.
  • Healthcare workers asking for verbal confirmation of PHI in the waiting room or in front of other patients.
  • Not obtaining patients' consent to photograph or film them and to then use the photos, video, or audio of the patient for marketing purposes.

HIPAA pitfalls can be avoided with an effective compliance program that covers both HIPAA Privacy and HIPAA Security. Be sure your compliance program is effective enough to protect your office.
