Skip to main content

Health care providers often have the best of intentions regarding maintaining privacy, ensuring accuracy, and complying with HIPAA regulations. Unfortunately, a combination of factors that include the lack of proper training and security, an absence of notification policies, disregard for appropriate storage, and the mismanagement of protected health information (PHI) can quickly compromise a patient’s confidentiality and lead to HIPAA violations.

Medical Records Retrieval

Some 43% of health care providers acknowledge that technical safeguards are sometimes tricky. Here are top mistakes made by healthcare providers when releasing records, along with advice on how to avoid them.

1. Employees Inappropriately Access and/or Disclose Patient Information - Record Release

It can be something as simple as gossip, and it could take place anywhere. When employees gossip about patients with family or friends, it’s a HIPAA violation. Health care providers risk violating HIPAA when employees talk about patient information in a public area or with any individuals without valid prior authorization.

Here are just a few scenarios where employees could be in a HIPAA violation:

  • An employee could access patient files out of spite, curiosity, or because another individual asked him/her to look.
  • An employee could misplace or mishandle a patient file. It could be as simple as leaving the record on the counter and walking away to finish another task.
  • The clinician or other practice employees could access the patient information from an unsecured device or home computer.
  • An employee could send the PHI to the wrong address. It could be something as simple as a transposed number entry issue.

While these lapses are likely simple mistakes, it’s important to put safeguards in place to avoid these issues. ChartSwap virtually eliminates these types of exposure risk. You can also assess your risk via the free Security Risk Assessment Tool.

2. The Health Care Provider Fails to Have Computer Security Systems in Place

If health care providers do not implement security measures, hackers or other individuals could access patient information. More than 32 million patient records were breached in the early part of 2019 alone. It’s essential to use secure passwords, but also to restrict access. For counter staff, healthcare providers should have computers positioned so that the public cannot access or view the patient information.

Here are just a few scenarios where employees could be in a HIPAA violation:

  • A hacker could hack into the computer system and access all the patient information.
  • An employee’s desk could be positioned in such a way that a patient can see the PHI on his/her computer screen.
  • The practice could use an outdated version of software programs without secure passwords and protocols in place.
  • Devices could be lost or stolen, facilitating the possibility of an improper record release scenario.

Health care practices should implement security policies, but also put into place security systems to protect electronic records. The good news is that ChartSwap uses military-grade security policies and industry-leading data protection. ChartSwap also forces the secure https:// standard for all web, mobile, desktop, and API communication features. All of that security is our way of protecting practices from unauthorized access or record retrieval.

3. Employees Divulge Medical Information = Record Release

When employees are not properly trained on your policies and procedures, it’s possible that they could disclose medical information in a way that has not been authorized by the patient.

  • An employee shares a patient’s medical information to an unauthorized person (a family member, the patient’s employee, or other requesting individuals).
  •  An employee texts test results or other patient data. This improper record release is a HIPAA violation.
  • A staff member posts PHI to a social media account, or responds to a patient via a public online forum.

The incorrect delivery of PHI due to employee error is at around one percent. While that number could be far worse, ChartSwap virtually eliminates that problem by facilitating the request and release of medical records in an electronic format. It is a better way to protect patient privacy while staying in compliance and removing much of the stress and hassle of mistakes.

4. Employees Improperly Store, Retain, and/or Dispose of Old Records.

Those paper medical records have been around for years. Some of them might be so old that they’ve yellowed with age. The problem with these records is that they take up a lot of room. The files must be kept in a secure and accessible location, and they can be a records management nightmare.

Here’s what could go wrong:

  • The PHI could be misfiled, which makes it challenging to locate them when needed.
  • The storage area could be out of compliance because of the lack of security, etc.

Even when there aren’t any security and compliance problems, paper records are being phased out for a good reason. It’s difficult to gauge the full scope of a patient’s medical history by looking at old and potentially out-of-date records. ChartSwap offers fast, flexible, and secure access to protected health information (PHI) while removing the hassle, human-mistake factor, inconvenience, and the unmitigated nightmare that paper medical records can represent.

5. Healthcare Providers Fail to Train Employees on Record Retrieval and Record Release

Training really is at the core of many of the other core mistakes that a healthcare provider can make, but it bears repeating. Here’s what could happen:

  • Without training, employees don’t know what they are doing wrong in the record retrieval and record release processes.
  • Without training, employees may deploy malicious software without their knowledge.
  • Employees could not realize the resources available to them to mitigate security risks in record retrieval and record release.

ChartSwap supports the HIPAA compliance efforts of billing and medical record providers, with comprehensive information, security and privacy policies, detailed reports, and access to resources that support your training requirements. We are 100% HIPAA-secure and HITECH-compliant.

How ChartSwap Helps Mitigate Mistakes

ChartSwap is one health information software solution that is specifically designed to streamline your information exchange related to health information management and paper as well as electronic health records (EHRs). Beyond the ease of use, though, we’ve put in place rigorous standards and controls to protect practices from accidental as well as the malicious release of records. It just makes sense to rely on a single platform where you can access, track, and download paper medical records or EHRs quickly, accurately, and securely.

Take a look at what ChartSwap offers, and see the difference; request a no-cost, no-commitment demo today.

Learn How You Can Benefit From Using ChartSwap


Author ChartSwap

ChartSwap is a HIPAA-Compliant medical record exchange portal that allows for the transfer of medical records between registered records requestors and records providers. ChartSwap has over 160,000 active users and is growing daily.

More posts by ChartSwap