After performing over 1,000 HIPAA Security Risk Assessments, you can imagine that we have heard some ridiculous statements concerning HIPAA. There is a LOT of misinformation about HIPAA. Here are the Top 10 ridiculous overheard HIPAA statements:
10) My IT company won’t sign the Business Associate Agreement because they said it is not valid unless it comes from the government website
9) We have HIPAA covered. We have a manual
8) Our EHR is HIPAA certified so we are HIPAA certified
7) We are a small practice, HIPAA doesn’t apply to us.
6) No it wasn’t encrypted but it had a password. Is it still a breach?
5) We don’t have any Patient Information on our desktops – right before we showed them a report with over 600 patient social security numbers on one of their desktops
4) My iPhone is encrypted so any emails that I send with Patient Information will be encrypted
3) Our attorney says he is not a HIPAA Business Associate even though we disclose patient information to him
2) Of course we do backups! We keep the backups right on the server in case we need to restore.
1) My Business Associate can’t have a breach, they signed a Business Associate Agreement
Free HIPAA Security Training!
All Covered Entities and Business Associates need to train their employees on HIPAA security. We now offer free online HIPAA security training for Covered Entities and Business Associates. Find out more about our free training and send the information to ALL your colleagues and Business Associates.
Now it is easy to train your employees on protecting patient information!
Leave a Reply