7.2.2 Actions That Violate the Enforcement Rule

There are several ways in which healthcare providers can violate the Enforcement Rule, including:

Unsecured Records

The documents containing patients’ PHI should be kept in a secure location. This should be explained to the staff during their training.

If there are physical files containing a patient’s PHI, they should be locked in a cabinet with only authorized individuals having access to these cabinets. Similarly, digital files should be secured with passwords.

A violation of the Enforcement Rule occurs when a staff member or covered entity is unable to secure digital and physical PHI.

Lack of Employee Training

Any employee who has something to do with PHI should be educated and trained according to HIPAA regulations. This is not a recommendation; it is a requirement.

So, if healthcare staff is not trained and educated about HIPAA regulations,the entity is considered to be violating the Enforcement Rule.

PHI Sharing

When healthcare providers with access to PHI communicate with other individuals, they should be careful about giving away or discussing PHI. Also, whenever PHI is being discussed, alertness is required.

Conversations about PHI should not be made public as this might lead to a violation of the Enforcement Rule.

Disposing Records Incorrectly

One of the essential steps in maintaining the security of PHI is the correct disposal of the data.

All medical staff should know that any PHI-containing papers should be shredded (to render the data unreadable) before being disposed of.

Notify of
0 Discussions
Inline Feedbacks
View all comments
Post a comment

Leave a Comment

Your email address will not be published. Required fields are marked *

Would love your thoughts, please comment.x