There are many common business practices that are not HIPAA compliant.
These are the top 5 items that most companies are in violation of:
- Storing protected data on a third-party system. Dropbox, Google Drive, or any other unencrypted storage site without a business associate agreement.
- Sending emails with protected information unencrypted. If you are sending protected data it must be encrypted. This seals the data and ensures only the recipient can view it.
- Passwords set to never expire. Passwords must be changed periodically and are not to be shared with others or posted on computers, under keyboards, taped to monitors, etc.
- Using free email services. Using Gmail, AOL Mail, Hotmail, Yahoo, etc. to send protected data. It is unencrypted and many of these providers reserve the right to scan your email. There is also no BAA (Business Associate Agreement) with these companies.
- Neglecting continual employee training. Employees must be trained, and continue to be trained, on HIPAA compliance and security protocols to ensure protected information stays protected.
Being HIPAA compliant is not difficult or costly. It is a matter of being consistent and keeping your networks and processes up to date with current regulations.