Dermatology

HIPAA Guide for Dermatologists
Best Practices, HIPAA

The Dermatologist’s Ultimate Guide to HIPAA Compliance

October 22, 2024 No comments yet

October 22, 2024 Did you know that a dermatology center was fined over $300,000 for violating HIPAA?  HIPAA compliance is not always top of mind when managing your dermatology practice. Administrative tasks can easily take a back seat with a focus on diagnosing and treating skin conditions. Nevertheless, it’s crucial to prioritize HIPAA compliance.  Discover what steps you need to take to ensure the safety of your dermatology practice.   What’s Protected Health Information?  Protected Health Information (PHI) is sensitive data that can personally identify a patient. Examples of PHI include a social security number, birth date, medical records, and even images of skin ailments for dermatologists.  These images can contain personally identifiable information, such as tattoos and unique birthmarks.  When working with patients, it’s crucial to ensure all images and other forms of PHI are encrypted and protected behind essential safeguards to secure patient information.   Social Media 101s When sharing images of your patient’s treatment, such as before-and-after images of acne treatment, it’s important to do so compliantly. While you might think you’re sharing a feel-good story, patient images are considered Protected Health Information (PHI), and sharing them without consent could violate their privacy.  You need the patient’s signed media consent form to share these images and patient reviews on social media compliantly. This form ensures that the patient understands and agrees to use their image and treatment details being shared with the public.    Improper Disposal The largest dermatology HIPAA fines, totaling over $300,000, were imposed due to improper disposal. Some states have even stricter laws regarding discarding old patient files, which must be retained for at least six years on a federal level. These files also need to be encrypted throughout the creation to disposal process.  When getting rid of sensitive information, ensure it is shredded and properly disposed of. Partner with a disposal company specializing in medical paperwork and waste and have a Business Associate Agreement in place.   How Software Solutions Can Help Dermatology helps patients feel comfortable in their own skin, both literally and figuratively. Implementing the appropriate safeguards to protect patients’ data is just as important. By utilizing smart software, you can see where your dermatology practice stands and what you need to do to be compliant. To learn how you can protect your dermatology practice, schedule a consultation with an expert.   

OCR Settles Case Concerning Improper Disposal of Protected Health Information
Fines, HIPAA

OCR Settles Case Concerning Improper Disposal of Protected Health Information

August 24, 2022 Comments Off on OCR Settles Case Concerning Improper Disposal of Protected Health Information

August 24, 2022 When it’s time to clean out and organize that ole garage, you probably want to take time to make sure all your sensitive and sentimental items – files, photographs, etc. – are in the right spot before taking them to the dump. It should be no different when it comes to disposing of old devices or hard drives at the office that contain sensitive ePHI, yet practices continue to fail. In recent news, the OCR announced a settlement for a dermatology practice located in Massachusetts that failed to properly dispose of protected health information. As a result, the dermatology practice agreed to pay the hefty fine of $300,640 to the OCR and implement a Corrective Action Plan to resolve the investigation. It may be obvious that paper records require proper disposal – in most cases, shredding or recycling – so that the information cannot be read by the wrong parties. Despite this being common practice,  the Massachusetts dermatology practice had PHI that was exposed. Improper disposal is even more common when it comes to disposing of electronic protected health information (ePHI) properly. It is critical that your practice understands how and where to dispose of PHI. But what exactly constitutes proper digital data disposal? Disposing of your PHI is not as simple as clicking the delete or trash button. If you do not completely delete these files from your devices, they can be recovered using high-tech software. The following are some thorough methods for properly disposing of PHI: There are lots of devices that could have been used to store PHI even though you would never realize they do. These devices include: Before you burn those electronic devices in a campfire, remember that HIPAA requires practices to keep PHI for at least 6 years, and maybe longer depending on your state. Devices containing data that is older than six years should be backed up before being wiped clean, and data should be encrypted while being kept. At the end of the day, whether it is boxes of important documents in your garage at home or PHI at your very own practice, it is critical to dispose of it properly and safely.

Concerned about HIPAA & OSHA compliance requirements in 2025? Join our live webinar for expert answers to the most common questions to ensure your practice is protected.

REGISTER TODAY
X