To help you along, any of the items marked with an asterisk (*) are risks that have led to HIPAA violations and fines from the Dept. of Health and Human Services.

1. A laptop that’s lost or stolen*
2. A USB drive that’s lost or stolen*
3. A smartphone/tablet is lost or stolen
4. Printed records that aren’t properly shredded*
5. At a third party vendor*
6. An email received by someone other than your patient
7. A computer stolen from your practice*
8. Paper stolen from a desk of your practice
9. A sold or trashed hard drive with PHI on it*
10. A fired employee still has access to your systems or office*
11. A fired employee steals PHI on their way out the door
12. A hacker tricks an employee into installing malware to steal PHI via phishing
13. A hacker tricks an employee into installing malware to steal PHI via drive-by malware
14. A hacker logs in to your network to steal PHI
15. Someone logs into a hosted service that contains PHI (like an email account, calendar system, or hosted EMR system)*
16. A hacker breaks into your website to steal PHI
17. A disaster leaves your PHI open to being lost or stolen*
18. Employees take PHI through a USB drive*
19. Employees take PHI through their work email address
20. Employees take PHI through their personal email address
21. Employees take PHI through a file sharing site (like Dropbox)
22. Employees take PHI by printing it out
23. Employees take PHI by taking pictures of a screen
24. Employees take PHI through instant messaging (like Skype)

Feeling a bit overwhelmed?

Get some free help!  Check out our free 42-Point Checklist for ways to make your practice HIPAA compliant.

Talk to us!

Have questions or feedback?  Please share them in the comments below.

Like this article?  Share it!