Laws are there to protect you and those around you. That’s why it’s important to follow them, especially when you are responsible for the privacy and safety of other people. The most important law for a pharmacist is the Health Insurance Portability and Accountability Act of 1996, more commonly known as HIPAA.

Although HIPAA contains five parts, discussing topics like health care and medical services, the main provision of HIPAA is Title II, which enforces data privacy and security for medical information. Pharmacists do not have the right to release confidential information about a patient unless it is necessary for providing proper treatment (e.g., to a doctor, another pharmacist, etc.). Penalties for breaking HIPAA include fines from $100-$100,000 and imprisonment for 1-5 years, depending on the severity of the violations. It’s surprisingly easy to commit a HIPAA violation if you do not fully understand the law. Here are a few common HIPAA violations and how to avoid them.


Texting is a convenient way of communicating information. However, it can be risky, as cell phones can be easily hacked or viewed by those who are not authorized to see the information. Always password-protect your cell phone and laptop to keep others from checking your messages. Make sure not to leave your phone or laptop unlocked when you are not using it. Phones can be encrypted to allow confidential information to be safely texted. However, both parties must have this encryption for it to work.

Social Media

You just successfully counseled your first patient, so you snap a picture of you and your patient with their new medication and post it on Facebook. You get hundreds of likes on your photo. You feel like you’re on top of the world, until you get called into the boss’s office for breaking HIPAA.

Taking pictures of your patients is a blatant HIPAA violation, as someone could easily recognize the patient and your place of practice. To avoid getting in trouble on social media, do not use names or other specific details (such as hometown) when talking about your day at work. Don’t friend patients on any of these platforms or send them confidential information via social media.

Social Situations

You’re having dinner with your friends, and one of them asks you how work was. You tell them it was a pretty slow day until one of your mutual friends, Steve, stopped by the pharmacy. They ask you why Steve was at your pharmacy, and you tell them Steve was just there to pick up his cholesterol medication. This is a clear HIPAA violation.

Telling your friends or family about work might not seem as bad as posting this information on Twitter, but it still violates your patient’s right to privacy. Be very careful when talking about work with your friends. As with social media, do not use names or any specific details that could reveal the patient’s identity.

Illegally Accessing Patient Files

Some employees will illegally access patient files out of curiosity or spite. Don’t be one of those employees. If I have to explain why this is a HIPAA violation, then you probably shouldn’t be working in a pharmacy.

Poor Training

The most common reason for HIPAA violations is not malicious intent. Rather, it is a lack of familiarity with the HIPAA law. Often, only the managers will receive HIPAA training even though the law applies to everyone working in the pharmacy. If your workplace doesn’t already do HIPAA training, you can suggest that your boss hold a brief session on HIPAA and how to adhere to it. Make sure all HIPAA training manuals are up-to-date and that everyone in the pharmacy is familiar with them.

Next time you’re working in the pharmacy or telling people about your day at work, keep these tips in mind to avoid violating HIPAA and your patients’ medical privacy!