The HR Legal News Blog

HIPAA Busts: Avoid Them By Learning from the Mistakes of Others

The Importance of HIPAA and PHI Compliance

HIPAA has become a topic of intense interest to the Department of Health and Human Services, which recently published its annual report to Congress on breaches of unsecured protected health information (“PHI”). Reviewing data from 2009-2012, HHS noted that the three most significant causes of a breach of unsecured PHI were theft of electronic devices or paper records, loss of electronic media or paper records, and unauthorized access or disclosure of records containing PHI. In particular, theft of laptop computers containing unsecured PHI remains a persistent problem.

How can plan sponsors reduce the risk of a breach of unsecured PHI? Some practical suggestions may be found in the report’s summary of remedial steps taken by entities that reported a HIPAA breach involving the PHI of more than 500 individuals. These HIPAA compliance suggestions include:

  • Performing a risk assessment;
  • Adopting encryption technologies;
  • Installing new security systems;
  • Relocating equipment and records to a more secure area;
  • Training workforce members who handle PHI;
  • Performing a new risk assessment;
  • Updating business associate agreements to include more detailed provisions concerning the protection of health information;
  • Providing free credit monitoring to customers.