6 Home Care HIPAA Violations to Take Very Seriously

By Kayla Matthews, HealthIT writer and technology enthusiast, Tech Blog
Twitter: @ProductiBytes

HIPAA is something that should be in the back of every health care professional’s mind. This act protects patient health information (PHI), but in a casual setting such as the home, it can be easy to overlook HIPAA and your responsibility to your patient.

Here are six home care violations you should take very seriously, and ways you can avoid them.

1. The Perils of Casual Conversation
As a home health care worker, you likely become comfortable around the patient’s friends or family members. This is to be expected, as you’re spending time in their house, but it can also put you at risk for inadvertently revealing protected health information in casual conversation. You might not even think about it, but mentioning someone’s health to one of their friends, or a family member who isn’t cleared to have that information, can be a serious HIPAA violation.

The easiest way to avoid this is to always be mindful of what you’re saying. You don’t need to be silent, but don’t converse with anyone but your patient or their designated representative about protected health information. There are plenty of other things you can chat about, like the weather, recent sports games or new movies coming out. Become a master of small talk and learn how to steer the conversation away from protected topics.

2. Information Security and Storage
Working from a patient’s home means you’re storing and transporting health records — electronic or otherwise — that need to be kept secure. Losing patient information, or leaving it where others can access it, is a violation of both HIPAA and patient trust.

Be mindful of where you’re storing patient information if you don’t return it to the office at the end of every day. Paper files should be kept in a locked box or filing cabinet, and electronic ones should be stored on a password-protected device. Be aware of where these items are at all times. Losing an electronic device with patient information on it, even if it’s password-protected, could constitute a HIPAA violation.

3. HIPAA and Cybersecurity
Cybersecurity is becoming an increasing concern across home health circles as more facilities make the transition to electronic health records instead of traditional paper ones. The Department of Health and Human Services even has a whole section on its website dedicated to HIPAA and cybersecurity. The most important thing to remember is to never send or receive protected information on unsecured networks. This means no public Wi-Fi. Depending on the security levels, it may also mean you can’t send files using a patient’s home network.

One way around this is to invest in a mobile hotspot with the highest level of security that is only used for sending and receiving patient files. This gives you access to the tools and data you need to effectively complete your job, while still remaining HIPAA compliant.

4. Remaining as Effective as Possible
Home health care services are one of the fastest-growing industries in the world, increasing by 60% between 2012 and 2022. As a home health care worker, you need to take whatever steps necessary to protect yourself and ensure you can complete your job as effectively as possible. Create a workplace safety checklist that includes things like preventing injuries during patient handling. According to OSHA, sprain, strains and other issues caused by moving patients are the most common afflictions in the home health industry.

Protecting yourself will help you provide the best care possible for your patients.

5. Accessing Other Patient Files
This might seem like common sense, but it happens more often than you might think. Accessing files for patients other than the ones you’re caring for isn’t just immoral — it’s also a massive HIPAA violation. Medical professionals have been fired for this — in one case in 2017, a hospital worker accessed records for 769 patients that she wasn’t treating.

The easiest way to avoid this is to comply with all rules regarding accessing patient files. Don’t access any information that doesn’t directly pertain to the patients that you’re currently working with.

6. Using Personal Devices
Personal mobile devices are a convenient way to stay in contact with friends, family and co-workers, but they should never be used to convey patient information. While texting isn’t strictly a HIPAA violation, there is almost no way to ensure the information is going to the correct version. Sending any personally identifiable data to the wrong recipient just once constitutes a violation of HIPAA.

Don’t use personal devices to store or transmit patient data and avoid things like text messaging, which could also cause problems.

Always Be Mindful of HIPAA
Home health care won’t be going anywhere anytime soon, but it’s up to each and every person in the field to ensure HIPAA is being upheld.