The HIPAA law to protect patient health information is quite well known by personnel in most physician offices. There still remain, however, some questions regarding HIPAA’s rules and regulations. Providers who are not up to date with changes in the law risk potential violations that could not only damage a practice’s reputation but also result in criminal and civil fines.

The Health Insurance Portability and Accountability Act, commonly referred to as HIPAA, was established in 1996 to set national standards for the confidentiality, security, and transmissibility of personal health information.

Healthcare providers are required, under the HIPAA Privacy Rule, to protect and keep confidential any personal health information. The Rule also sets limits and conditions on its use and disclosure without patient authorization. It also gives patients rights to their health information, including rights to obtain a copy of their medical records and request corrections.

HIPAA does have exceptions to the rule, however, such as where it would hinder the ability to provide quality healthcare services. One example is discussion between two physicians who are both treating a patient. In addition, peer-reviewed activities, disclosures needed by health plans to resolve billing questions, and other similar situations are exempted.

The Department of Health and Human Services defines covered entities as healthcare providers, health plans, and healthcare clearinghouses, which include hospitals, physicians, chiropractors, dentists, optometrists, schools, nonprofit organizations that provide some healthcare services, and even government agencies. However, the list of those affected by HIPAA does not end there.

HIPAA violations can result in substantial fines to a practice ranging from $100 to $1.5 million. Healthcare providers can also be at risk for sanctions or loss of license.

We list below some of the more common reasons for HIPAA violation citations:

1. Employees disclosing information – Employees’ gossiping about patients to friends or coworkers is a HIPAA violation that can cost a practice a significant fine. Employees must be mindful of their environment, restrict conversations regarding patients to private places, and avoid sharing any patient information with friends and family.

2. Medical records mishandling – Another very common HIPAA violation is the mishandling of patient records. If a practice uses written patient charts or records, a physician or nurse may accidentally leave a chart in the patient’s exam room, available for another patient to see. Printed medical records must be kept locked away and safely out of the public’s view.

3. Lost or stolen devices – Theft of PHI (protected health information) through lost or stolen laptops, desktops, smartphones, and other devices that contain patient information can result in HIPAA fines. Mobile devices are the most vulnerable to theft because of their size; therefore, the necessary safeguards, such as password-protected authorization and encryption, should be put in place to control access to patient-specific information.

4. Texting patient information – Texting patient information such as vital signs or test results is often an easy way for providers to relay information quickly. While it may seem harmless, it potentially places patient data in the hands of cyber criminals who could easily access this information. There are new encryption programs that allow confidential information to be safely texted, but both parties must have the program installed on their wireless devices, which is typically not the case.