10 Examples of HIPAA Violations

Posted by Fig Gungor on Tue, Jul 09, 2013

HIPAA violations are nothing to scoff at. These days, the minimum fine stands at $50K and can grow as
large as $1.5 million for each provision of the rules. As such, healthcare professionals and insurance
adjusters are all feeling the pressure, and are trying to do whatever they can to prevent falling out of
compliance. But in order to stay out of trouble, you must first understand which mistakes to avoid.
Here's a look at 10 common HIPAA violations:
1. Absence of a "Right to Revoke" Clause
When creating your facility's HIPAA forms, you must take care to inform patients of their right to revoke the permissions they
have given for the disclosure of their confidential medical information to specific parties. Without this information, the HIPAA
form is invalid, and any subsequent information released to a third party will be in violation of HIPAA regulations.
2. Release of the Wrong Patient's Information
Although it may seem obvious, the release of the incorrect patient's information can occur through careless mistakes. If your
facility contains records for two patients with the same name, for example, you and your staff must be trained to correctly file
all medical records, and release documents only for the authorized patient.
3. Release of Unauthorized Health Information
When releasing information, it is imperative that you and your staff work to carefully verify that the requested documents
have been approved for release. A patient may have requested that specific elements of their record (i.e., mental health,
alcohol/drug treatment, etc.) not be released, whereas others may choose to share their entire record with a specific entity.
4. Release of Information to an Undesignated Party
In addition to verifying the PHI that has been okayed to be released, you must ensure that the specific recipient's
authorization is in place. If the HIPAA authorization permits Jane Jones from ABC Insurance to receive a patient's healthcare
record, for example, Mike Jones from ABC Insurance may not issue a request for the information. Only the exact person(s)
listed on the patient's authorization form may receive confidential medical documents.
5. Failure to Adhere to the Authorization Expiration Date
Patients have the right to set an expiration date for their HIPAA authorization forms. If ABC Insurance is only authorized to
receive a patient's PHI through a six month window, you and your staff must be sure to not release confidential records
beyond the authorization's expiration. From here, you will need to contact the patient and obtain a new HIPAA form before
information can be submitted to the requestor.
6. Lack of Patient Signature on HIPAA Forms
Never release a patient's information to an outside party without verifying that the HIPAA form has been signed by the
7. Improper Disposal of Patient Records
Failing to shred PHI before disposal could lead to disastrous consequences. If the confidential document(s) land in the wrong
hands, your facility could receive fines and be dragged into court.
8. Unprotected Storage of Private Health Information
According to Healthcare IT News, the most common culprit behind HIPAA violations is stolen laptops. When doctors or
insurers store private information on an unsecured laptop, mobile device, or thumb drive, it could easily be stolen, sold,
and disclosed.
9. Failure to Promptly Release Information to Patients
Per HIPAA regulations, patients have the right to quickly obtain electronic copies of their medical records upon demand. If
your system is disorganized, or if the requested information is lost, you could end up violating HIPAA rules.
10. Small-scale Snooping
Here's a bit of shocking news: according to a 2011 survey by Veriphyr, the majority of HIPAA violations and security breaches
are due to insiders who are snooping into the medical records of their co-workers and/or relatives. Without creating clearance
levels, password protection, and tracking systems, this kind of snooping cannot be prevented.

What types of steps are you currently taking to avoid HIPAA violations within your facility?
• They committed a Level 3 HIPAA violation that comes with not just financial penalties but can also get
them up to 10 years of jail time. A Level 3 HIPAA violation is "an offense committed with the intent to
sell, transfer, or use individually identifiable health information for commercial advantage, gain or
malicious harm".
• They are in violation of Subtitle D of ARRA Sec 13401 (Application of Security Provisions and Penalties to
Business Associates of Covered Entities)
• They are in violation of Subtitle D of ARRA Section 13407(1) - (Breach of Security)
• The last 2 can hold them liable for penalties under the HITECH Act
• They will be in clear violation of HIPAA ("no permissible business purpose in divulging protected health
information to anyone on an account") should they ever inquire, report, update or verify anything on the
credit report