I frequently write about compliance matters for my eDiscovery clients. I drafted this list for a client’s blog and cut it, but it’s worth sharing here. Compliance is hard because it covers so many areas, and employee foibles can get you into some serious trouble. Let’s take HIPAA noncompliance as a common example.

  • Medical records mishandling. In a busy hospital it is all too easy to leave a chart in plain sight. On the digital side, PHI sent over ordinary electronic channels such as SMS texting is exposed to interception and to disclosure from an unlocked or lost phone, since consumer texting offers no access control or encryption the covered entity manages.
  • Gossip. Employees who gossip about a patient are in serious violation. Gossip isn’t just loose talk in the hallway; it also includes posting or sharing patient details on social media, which is a disclosure like any other.
  • Not getting authorization before release. Sometimes HIPAA authorization forms can seem like overkill to employees and patients. But an employee who ignores the need for the form can get in trouble under the Privacy Rule.
  • Missing devices. Losing laptops and mobile devices containing PHI can trigger HIPAA fines. If the data is encrypted in a way that meets HHS guidance (full-disk or file encryption consistent with NIST standards, with the key not stored on or with the device), the loss generally does not count as a reportable breach and the process isn’t too painful; but if it’s unencrypted, the consequences can be very serious. (Amazingly enough, this happens frequently.)
  • Non-compliant data access. Employees may look up health information out of ignorance, curiosity, or for illicit gain (a celebrity’s chart, a neighbor’s test results). No matter the reason, accessing PHI without a job-related need is a violation that can get very expensive and can lead to criminal charges or civil litigation. Access logging and periodic review of who opened which records is how these cases are usually found.
  • BYOD. In these days of using personal devices for work, employees need to treat their personal devices with the same level of security as work devices, and IT needs to give them the means to do so: device encryption, screen locks, the ability to remotely wipe work data, and clear rules about which apps may hold PHI.
