Manage Learn to apply best practices and optimize your operations.

HIPAA violation examples: The five most common mistakes


Internal threats, lack of workforce security spell HIPAA violations

Source:  yogysic/iStock
Visual Editor: Sarah Evans

In addition to putting the appropriate controls and security in place to ensure that outsiders don't get ahold of ePHI, OCR said that it's also important to make sure that workforce security is in place and that the staff within the healthcare organization has appropriate access to certain personally identifiable information for patients.

OCR said that organizations must "[i]mplement policies and procedures to ensure that all members of its workforce have appropriate access to electronic protected health information … and to prevent those workforce members who do not have access … from obtaining access to electronic health information," as part of the healthcare organization's workforce security plan.

One hospital is using technology that allows them to see who has been accessing what information within their EHR, enabling them to see whether someone is accessing information to which they shouldn't have access.

View All Photo Stories