How to Avoid These 5 Common HIPAA Compliance Pitfalls

Wed, Jun 05, 2019
By: Jim Beran

Adhering to HIPAA is a must for all healthcare providers and for any business associate that handles protected health information (PHI) on their behalf. That means your document storage, transportation, and destruction must all be HIPAA compliant.

At Gilmore Services, we understand the importance of HIPAA and we provide HIPAA compliant services to our clients. Along the way, we've learned a lot about the compliance pitfalls that can trip providers up and lead to fines. Here are 5 pitfalls and how to avoid them.

#1: Lost Devices

Do you or your staff access patient information on laptops, phones, or tablets? If you do, you could be facing a reportable breach and a HIPAA violation if one of those devices goes missing.

Any device used to store or access patients' electronic health records should be protected with full-disk encryption. If an unencrypted device holding PHI is lost or stolen, the loss is presumed to be a reportable breach and can lead to enforcement action and fines. PHI that is encrypted in line with HHS guidance, by contrast, is treated as unreadable, so the loss of a properly encrypted device generally does not trigger breach notification. The catch is that you must be able to prove the device was encrypted at the time it went missing; a user's assurance after the fact is not proof.

The solution is to strictly limit the devices approved to access medical records, enforce encryption on every approved device (ideally through a mobile device management tool that can also lock or wipe a lost device remotely), and keep an inventory that records which devices are encrypted so the proof is on hand when you need it.

#2: Texting Patient Information

Some medical practices offer patients the option of receiving text messages instead of emails or phone calls. However, standard SMS is not encrypted in transit, and copies of each message are retained by the carriers and on both handsets, so texting lab results, diagnoses, or anything else about a patient's health leaves that information exposed if the sending device or the patient's phone isn't secured.

The solution is simple: don't text confidential information to patients. While it might be convenient, it can also leave you open to a fine. After all, you can't control the security of your patients' phones.

Instead, consider adding a secure patient portal where patients log in with their own credentials, over an encrypted connection, to access their lab results and medical records safely.

#3: Social Media Breaches

A lot of healthcare providers use social media to stay connected with their existing patients and attract new ones. There's nothing wrong with that, but HIPAA breaches can occur if you're not careful about how you use social media.

An example would be posting a photograph that shows a patient, even in the background, without that patient's written authorization. That's a violation of the patient's privacy under HIPAA and could result in a fine.

It's perfectly fine to use social media to promote your practice, but make sure you review all images and text before they're posted and remove anything that could identify a patient or otherwise isn't HIPAA compliant.

#4: Not Notifying Patients of a Breach on Time

One of the most common HIPAA violations occurs when a provider waits too long to notify patients of a data breach. The Breach Notification Rule requires that every individual whose unsecured PHI was affected be notified without unreasonable delay, and in no case later than 60 calendar days after the breach is discovered. The clock starts on the day the breach is first known (or reasonably should have been known) to anyone in your workforce, not on the day leadership is briefed or the investigation wraps up. Breaches affecting 500 or more individuals must also be reported to HHS and to prominent media outlets on the same timeline; smaller breaches are logged and reported to HHS annually.

Failure to comply with the timeline can result in steep fines. To avoid this HIPAA pitfall, record the date you discover a breach, start the investigation immediately, and notify the patients who've been impacted as soon as you know who they are rather than waiting until the 60-day limit. Those aren't fun calls to make, but they're necessary if you want to be HIPAA compliant.

#5: Mishandling Medical Records

Paper records can be difficult to secure. It's not uncommon for staff to accidentally leave patient files in a reception area or examination room, leave a storage area unlocked, or move records without the proper preparation.

The solution here is to create strict protocols for the handling of medical records. You should also consider partnering with an experienced records management company, under a signed business associate agreement, to store and move medical records according to HIPAA requirements.


Being HIPAA compliant requires careful planning and strict policies for the handling of medical information. The 5 pitfalls we’ve listed here are common but easily avoided.

Need assistance with HIPAA compliant storage or document destruction? Click here to learn how Gilmore Services can help.