
Prying Eyes in Your Practice Present Pricy Penalties

Posted on 05/03/15

It’s become a near-daily occurrence in our headlines: security breaches and data theft are an unfortunate consequence of modern technology. Typically, it’s the large-scale insider theft or loss of protected health information that makes the news, but the reality is that small practices are not immune to patient record snooping.

According to a recent Healthcare Information and Management Systems Society (HIMSS) security survey, 80 percent of healthcare IT professionals identified snooping on personal patient information by employees to be the top threat motivator for breaches. But not all snooping is conducted for the purpose of criminal activity. In fact, snooping is more often done out of curiosity: peering into the records of friends, relatives or co-workers. Regardless of how minor the violation may seem to the perpetrator, patient record snooping is still a HIPAA breach that can result in fines of $1.5 million PER VIOLATION in cases of willful neglect. Most data breaches involve multiple violations, so it’s critical to take a proactive approach to ensure the security of your patients’ data.

As a small practice, it’s sometimes easy to become complacent about reinforcing privacy and security policies and procedures with employees, but it’s important to take steps to avoid potential fines and damage to your reputation.

Here are a few tips to help curb snooping in your practice:

Conduct a security risk analysis:

There are a myriad of required assessments for both Meaningful Use and HIPAA compliance, including administrative, physical and technical security of patient information. Ideally, this analysis should be guided by an experienced compliance professional.

Have a clear employee sanction policy and review with staff regularly:

Every new hire should have both written and verbal orientation to a zero-tolerance policy on snooping. This policy should also extend to all business associates, including accountants, attorneys and IT professionals who may have access to patient records.

Let employees know that activities are being monitored:

What’s measured matters. When employees are aware that their access is under regular scrutiny, it may cause them to think twice before doing something inappropriate. It’s also best to eliminate temptation and give access to only the minimal necessary data, along with keeping up-to-date password protection on files and prohibiting password sharing.

Regularly audit who is accessing patient records and develop a formal process for providing access:

Your office manager should create controls for granting and terminating employee access to patient records. Access needs to be monitored regularly and modified as roles change and employees leave the practice.

Data from the Department of Health and Human Services indicates that more than 41.4 million people have had their protected health information compromised in a reportable HIPAA privacy or security breach. While a major healthcare system can take a million-dollar security fine hit and keep going, costly violations like this can ruin a small practice. Make certain to keep your practice safe and secure.

If you have additional questions, please contact your KB Healthcare Consulting Senior Medical Consultant, Johna Kennedy-Preston, CPC, at (941) 953-7451 ext. 1423 or .

About the Author

Johna Kennedy-Preston

Kerkering, Barberio & Co.
1990 Main St., Suite 801
Sarasota, FL 34236
(941) 365-4617

Ms. Kennedy-Preston provides clients with expertise in revenue cycle management, coding education, managed care contracting, mergers and start-up ventures, Medicare recoupment and reporting issues, credentialing with insurance carriers and assistance with state and federal licensing. Guidance is also supplied for operational improvement, policy development, procedure design and implementation, including electronic health record setup and workflows, compliance with third-party due diligence and regulatory requirements, as well as training of healthcare professionals in critical topics, both fundamental and emerging.
