Get Care

HIPAA: Patient privacy rule

April 4, 2016 Quality and innovation
Last Reviewed By Steven J. Gamburg, MD

You know the importance of HIPAA privacy rules. But do you know the legal penalties for HIPAA violations? Fines range from $1,000 to $50,000 per violation. And in cases of false pretenses or malicious intent, fines of $1,000,000 and 10-year prison sentences are possible. Reduce your liability by following these rules:

  • Emails – Send patient information through the Main Line Health provider portal or from Main Line Health email accounts. Type “encrypt” in the subject line.
  • PHI record disposal – Shred paper; wipe devices; where necessary, destroy hard drives.
  • Private means private – Unless authorized by the patient, don’t tell family members or neighbors about your patient. Don’t discuss patients in any public area. If you aren’t involved in a patient’s care, don’t review their medical record.
  • Use Main Line Health devices, not personal devices – Don’t store patient information on personal devices. Use Main Line Health encrypted devices, such as your Main Line Health laptop.
  • Be a mentor and an educator – Remind your colleagues, staff, family, and the community about HIPAA privacy. It’s the right thing to do. And it’s the law!

For more rules and information, go to the government’s website at hhs.gov/hipaa. If you have questions, contact the Main Line Health Legal Department or Compliance Office.

Steven Gamburg, MD, is president of the Main Line Health Medical Staff, chair of emergency medicine at Main Line Health, and a diplomate of the American Board of Emergency Medicine.