3 common health tech mistakes you need to know

Everyone in the digital health space wants to be HIPAA compliant and avoid HIPAA violations.

Health software developers spend substantial time and energy making sure their vendors are compliant, and ensuring their own systems are compliant as well.

But once compliant software or systems are installed in clinical settings, a new challenge arises: operating software and systems in ways that don’t create HIPAA violations.

It’s a fact. Even systems that meet every compliance requirement can be used in ways that create HIPAA violations.

We’re going to take a look at three of the most common mistakes people make while using technology that can lead to violations – and how to avoid them.

1. Sharing Login Credentials

Unfortunately, this is one of the most common ways to cause a violation.

HIPAA Regulations [§164.312 (a)(1)] require the use of “Unique User Identification” for all systems that contain or use PHI (Protected Health Information) that’s regulated by HIPAA.

In busy clinical settings, it’s tempting to share passwords with other employees to save time while providing rapid patient care. However, HIPAA strictly forbids this as it makes tracking down problems and errors nearly impossible.

HIPAA’s enforcers are more than happy to penalize medical entities who share logins as well as vendors whose systems don’t enforce unique user IDs.

Think of it this way: you wouldn’t make copies of your house key for every neighbor on your block.

Likewise, don’t share login credentials with your co-workers either.
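A shared login is hard to see from the front desk but easy to see in the audit trail: one account that is signed in on two workstations at the same moment. The following detection, added here as an example and not taken from the article or from MedStack or Paubox, walks a small constructed audit log in the assumed format `<ISO timestamp> <user> <workstation> <LOGIN|LOGOUT>` and reports every login that overlaps an open session of the same account on a different machine. The log format, user names and workstation names are all constructed for the example.

```python
"""Flag accounts that are active on two workstations at once.

Added example for the unique-user-identification point above; the log
format and the sample lines below are constructed, not from any product.
"""
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed sample audit log: "<ISO timestamp> <user> <workstation> <LOGIN|LOGOUT>"
SAMPLE_LOG = """\
2024-03-04T08:00:12 nurse.kim WS-ICU-01 LOGIN
2024-03-04T08:05:40 dr.patel WS-ER-07 LOGIN
2024-03-04T08:07:03 nurse.kim WS-ICU-04 LOGIN
2024-03-04T08:30:00 dr.patel WS-ER-07 LOGOUT
2024-03-04T08:31:15 dr.patel WS-ER-02 LOGIN
2024-03-04T08:45:59 nurse.kim WS-ICU-01 LOGOUT
2024-03-04T08:50:00 nurse.kim WS-ICU-04 LOGOUT
"""

Event = Tuple[datetime, str, str, str]  # (time, user, workstation, action)


def parse_log(text: str) -> List[Event]:
    """Parse the constructed log format and return events in time order."""
    events: List[Event] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, host, action = line.split()
        events.append((datetime.fromisoformat(ts), user, host, action))
    events.sort(key=lambda e: e[0])
    return events


def find_shared_logins(text: str) -> List[Tuple[str, str, str, str]]:
    """Return one (user, already_active_host, new_host, time) tuple per overlap.

    A session is open from LOGIN until the matching LOGOUT on that same
    workstation; a LOGIN on another workstation while it is still open is
    the signature of a shared (or stolen) credential worth investigating.
    """
    active: Dict[str, Dict[str, datetime]] = {}  # user -> {host: login time}
    findings: List[Tuple[str, str, str, str]] = []
    for ts, user, host, action in parse_log(text):
        sessions = active.setdefault(user, {})
        if action == "LOGIN":
            for other_host in sessions:
                if other_host != host:
                    findings.append((user, other_host, host, ts.isoformat()))
            sessions[host] = ts
        elif action == "LOGOUT":
            sessions.pop(host, None)
    return findings


if __name__ == "__main__":
    for user, host_a, host_b, when in find_shared_logins(SAMPLE_LOG):
        print(f"{when}: {user} logged in on {host_b} while still active on {host_a}")
```

In the sample, `dr.patel` moves between rooms but signs out first, so nothing is reported; `nurse.kim` is signed in on two ICU workstations at 08:07, which is exactly the pattern the unique-user-ID requirement exists to make visible. Real systems will have session timeouts and missing logouts, so a production version would also expire stale sessions.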

2. Sending Data to the Wrong Recipient

With so much going on in a typical clinical setting, sending data or records to the wrong party can happen in a heartbeat.

Entering a fax number incorrectly or mistyping an email address can quickly create data breaches that expose sensitive patient data, damage reputations, and lead to expensive HIPAA violations.

Best practices to avoid creating such violations are:

  1. Verify phone numbers and email addresses against approved, carefully vetted lists;
  2. Double-check phone/fax numbers and email addresses every time before sending PHI; and
  3. Verify receipt of sensitive data with the recipient(s) after every transmission.
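The first two practices above can be enforced by software rather than by memory: normalize the address or number the user typed, compare it with the vetted list, and treat a near-miss as a probable typo rather than a new recipient. The check below is an added example, not code from the article or from MedStack or Paubox; the vetted list, the `example.org` addresses and the fax numbers are constructed, and the 0.9 similarity threshold is an assumption to be tuned per site.

```python
"""Gate outbound PHI on a vetted recipient list, with typo detection.

Added example for the recipient-verification practices above. The vetted
entries, the sample inputs and the 0.9 threshold are all constructed.
"""
import re
from difflib import SequenceMatcher
from typing import Set, Tuple

# Constructed vetted list; a real deployment would load this from the
# organization's approved-recipient directory.
VETTED_EMAILS: Set[str] = {
    "records@example-clinic.org",
    "referrals@example-hospital.org",
}
VETTED_FAX: Set[str] = {"+14165550100", "+14165550177"}

NEAR_MISS_THRESHOLD = 0.9  # assumed; tune to the organization's address book


def normalize_email(addr: str) -> str:
    """Email local parts are case-insensitive in practice; compare lower-cased."""
    return addr.strip().lower()


def normalize_fax(number: str) -> str:
    """Reduce punctuation variants such as '(416) 555-0100' to E.164 form."""
    digits = re.sub(r"\D", "", number)
    if len(digits) == 10:  # assume a North American number typed without the country code
        digits = "1" + digits
    return "+" + digits


def check_recipient(value: str, kind: str) -> Tuple[str, str]:
    """Return (status, detail) for a typed recipient.

    status is 'ok' (detail = canonical form, on the vetted list),
    'near_miss' (detail = the vetted entry it resembles; likely a typo), or
    'unknown' (detail = canonical form; needs explicit approval before sending).
    """
    if kind == "email":
        canonical, vetted = normalize_email(value), VETTED_EMAILS
    elif kind == "fax":
        canonical, vetted = normalize_fax(value), VETTED_FAX
    else:
        raise ValueError(f"unsupported recipient kind: {kind!r}")

    if canonical in vetted:
        return ("ok", canonical)

    # Closest vetted entry by sequence similarity; a high score means the
    # user almost certainly meant that entry and mistyped it.
    best = max(vetted, key=lambda v: SequenceMatcher(None, canonical, v).ratio())
    if SequenceMatcher(None, canonical, best).ratio() >= NEAR_MISS_THRESHOLD:
        return ("near_miss", best)
    return ("unknown", canonical)


if __name__ == "__main__":
    for value, kind in [
        ("Records@Example-Clinic.org ", "email"),
        ("recods@example-clinic.org", "email"),
        ("(416) 555-0101", "fax"),
        ("someone@random.example", "email"),
    ]:
        print(kind, repr(value), "->", check_recipient(value, kind))
```

The point of the three-way result is the user interface it enables: an `ok` recipient sends, a `near_miss` prompts "did you mean records@example-clinic.org?", and an `unknown` recipient blocks until someone adds it to the vetted list. That turns the "double-check every time" rule into a step the sender cannot skip.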

3. Displaying PHI to Unauthorized Persons

Let’s say you’re traveling.

Your laptop is configured correctly, you’re using a secure VPN for your connection, your email provider is HIPAA compliant, and data you’re sending and receiving is fully encrypted.

Every required HIPAA compliance element is in place.

So what could go wrong? Plenty!

If you’re in your airplane seat or the airport, catching up on patient-related work, and you inadvertently allow a person near or next to you to see PHI on your laptop screen, you’ve just created a potential HIPAA violation.

If the bystander reports the incident or files a complaint, you may have created an actual HIPAA violation – complete with an OCR investigation and monetary penalties.

This is an easy-to-avoid mistake that’s all too common. Be careful and watch out for shoulder surfers!

The same concept applies to computer screens in your office.

If a visitor to your office can easily see PHI on workstations while walking around, that’s a potential HIPAA violation. And the more sensitive the data, the more serious the violation.

The solution?

Turn office monitors or desks so visitors can’t easily see what’s on your screens. Or use add-on screen filters that allow viewing only from a narrow angle, directly in front of screens.

Conclusion

To avoid HIPAA violations, it’s not enough to just have HIPAA-compliant systems, software and vendors.

Digital health technologies must also be operated in a compliant manner.

Thorough employee training certainly helps, but common sense and a watchful eye are the best safeguards against these sorts of problems.

Make sure you implement the appropriate safety measures to protect those who entrust you with their PHI.

About MedStack

This post was written in collaboration with MedStack. Based in Toronto, Canada, MedStack, Inc. focuses on empowering broader innovation in health care by removing barriers to digital product development. MedStack’s platform provides built-in operations to streamline technical security, privacy legislation and data integration in health care. MedStack powers over 30 healthcare companies across North America with its one-of-a-kind cloud offering.

About the author

Arianna Etemadieh

Arianna is an Inbound Marketing Specialist at Paubox. In her free time, she enjoys cooking, traveling, and volunteering at the animal shelter.