Dome - 10 Ways You May Be Violating HIPAA

Dome December 2013

10 Ways You May Be Violating HIPAA

Date: December 2, 2013

Keeping patient information confidential is an essential part of care. Patients expect that their protected health information (PHI) will be kept private, and failing to guard it makes them question the quality of their health care. Under the Health Insurance Portability and Accountability Act (HIPAA), PHI violations can also result in professional sanctions and significant financial penalties.

Below are some actions that, according to the Johns Hopkins HIPAA Office, you may not realize are privacy violations. Keep them in mind so that you’re in compliance and our patients’ information is secure.

Ways to Prevent HIPAA Violations

  1. Don’t access records for a patient who is no longer under your care because you are concerned about what has happened to him or her.
  2. Don’t post patient information on a social media site, even when the posting is done on your own private Facebook page, Twitter account, etc.
  3. Don’t post or share pictures of your workload or paperwork on your private social media site. Pictures can be enlarged to reveal protected health information on documents.
  4. Don’t post pictures of a Johns Hopkins patient on your private social media site, even when the pictures are taken during your non-work hours.
  5. Don’t download protected health information to an unsecured device (such as a laptop, iPad, cell phone, etc.) or computer to make the data more accessible for you to perform your job.
  6. Don’t check the medical record of a co-worker or friend because you are concerned for his or her well-being.
  7. Don’t use a medical record to find an address or phone number for personal reasons.
  8. Don’t share your log-in ID and/or password.
  9. Don’t leave your computer unattended while you are logged in to a system containing protected health information.
  10. Don’t discuss information about a current patient with his or her family member without authorization, or without knowing that the person meets the “involved in the patient’s care” standard.

To learn more, visit