Most improper disclosures of PHI are caused by complacency, poor training, or simple inattention rather than by sophisticated attacks. Lists like the one below are useful reminders of the most common types of violations. Of course, Covered Entities should provide this guidance, and more, to their employees and business associates.
From Security Boulevard:
1. Unsecured internet access. Transmitting e-PHI over unsecured networks, such as Wi-Fi networks at a coffee shop, internet cafe, or even at home, can increase the risk of patient data becoming accessible to hackers.
2. Improper handling of paper-based PHI. Paper-based procedures are still commonly used for some elements of a healthcare organization’s operations. This may result in unauthorized access to PHI. For example, if a remote employee prints out patient information from their family printer, the household may access these files.
3. Improper disposal of files. Improper disposal includes disposing of files, physical or electronic, in a way that information can still be read or accessed by unauthorized individuals. …
4. Unauthorized devices. HIPAA rules require all devices that use, gather, store, or transfer e-PHI to be safeguarded by specific security controls. Employees often use multiple devices to complete their daily tasks, so it is possible to use a device their organization did not authorize unintentionally. …
5. Insufficient compliance training program. Business associates and covered entities are required to renew their HIPAA certifications annually through compliance training programs. All staff, including remote employees, must complete compliance training.
6. Lost or stolen records. The HIPAA Security Rule outlines security and safeguards to ensure minimal risk of unauthorized access to PHI. …
7. Incorrect filing of PHI. Incorrect filing can result in unauthorized access to PHI. For example, if a health care provider sends digital X-ray results to the wrong physician or patient information to the wrong patient …
8. Phishing scams. Phishing scams are a common way cybercriminals trick individuals into accidentally revealing passwords and other sensitive information by sending them communications that appear to come from a reputable source. Refresher courses for all employees on cybersecurity awareness can help reduce these risks. …
9. Unencrypted data. With most communication occurring through text, email, and other messaging platforms, it’s easy to forget how vulnerable that information is. If PHI is not encrypted appropriately, there is an increased risk of cyberattacks, threats, and data breaches. …
10. Lack of physical security. For example, leaving paper PHI unattended in communal rooms of the house or on the table at a coffee shop increases the risk of theft or unauthorized access to these files.
Source: 10 HIPAA Violations to Watch Out for While Working Remotely – Security Boulevard