Article: 7 Different Types of HIPAA Violations

Attorney Jeffrey P. Greenberg has been practicing healthcare and corporate law for over 3 decades in Tampa, throughout Florida, and across the United States.


The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is legislation that provides for the privacy and security of patients’ medical information. Under HIPAA, protected health information (PHI), which is defined as individually identifiable health information that is transmitted by electronic media, maintained in electronic media, or transmitted or maintained in any other form or medium, must be kept confidential. Violations of HIPAA can result in civil and/or criminal penalties, so it is important to understand the different ways (whether negligent or intentional) HIPAA can be violated so you can take preventative action.

What is a HIPAA violation? The best way to understand what constitutes a HIPAA violation is to look at examples, so I’ve compiled a list of 7 different types of common HIPAA violations. This is by no means an exhaustive list, but it does illustrate just how easy it is for HIPAA violations to occur.

Lost or stolen devices—if there is not proper encryption and password protection on electronic devices such as laptops and smart phones, unauthorized people can gain access to PHI if one of these devices falls into the wrong hands.

Improper disposal of information—all paperwork containing PHI needs to be shredded, because if it is simply thrown away, anyone could walk by the trash can and pluck confidential patient information out of the garbage. Similarly, data stored in digital form needs to be properly wiped from devices and old hard drives or flash drives should be physically destroyed.

Third-party disclosure—most practices have subcontractors and business associates, and if these associates violate HIPAA, then YOU are legally responsible for their non-compliance! Businesses must ensure any third-party associates have policies in place regarding HIPAA compliance.

Unauthorized release of information—unless the patient is a dependent or Power of Attorney has been granted, PHI cannot be released to anyone other than the patient, including family members, without their signed consent.

Using or selling PHI for personal gain—employees with access to PHI aren’t always honest, and whether they simply snoop to satisfy personal curiosity or actually use or sell patients’ PHI for personal gain, this is a serious infraction.

Unsecured records—under HIPAA, electronic and paper files containing PHI must be secured. This includes making sure electronic devices are password protected and paper files are stored in secure, locked areas. This also applies to leaving paperwork with PHI out in the open (such as on a desk) where it can be seen by prying eyes.

Overheard information—discussing PHI, even with co-workers or other authorized parties, in public places or anywhere it can be overheard by others is asking for trouble. This is tantamount to discussing PHI with your significant other or best friend, or posting about it on social media.

Ensuring all personnel are properly trained and have a good understanding of HIPAA is vital to preventing violations. Employers can take precautions such as encrypting data, password protecting electronic devices, and securing records; however, employees are personally responsible for exercising integrity with regard to PHI and not releasing confidential information in person, via the telephone, electronically, or on social media.

Additionally, the HIPAA Breach Notification Rule “requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information.” A breach is an improper disclosure of PHI which compromises the information’s security, privacy, or both, and there are breach notification guidelines that include notification of the affected individuals, the Secretary of the U.S. Department of Health and Human Services, and possibly the media.

It is in the best interest of professionals and patients alike to abide by HIPAA—not only that, but it’s the law. As U.S. citizens we have a right to the privacy and security of our personal information, and in the digital age we all must be especially vigilant in preserving this right. 

September 23, 2016 / Written by: Margaret Durkovic
