HIPAA violations in the workplace affect not only healthcare providers but all covered entities and their business associates.
What is a HIPAA Violation in the Workplace?
What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 to protect individuals' health records as they changed jobs.
In 2003, the US Department of Health and Human Services (HHS) released the Privacy Rule, which defined Protected Health Information (PHI) as “any information kept by a covered entity that can be linked to an individual and concerns health status, healthcare provision, or payment for healthcare.”
Examples of common HIPAA violations include the following:
- Failure to perform a risk analysis
- Failure to promptly release information to patients
- Unauthorized access to medical records (insider snooping)
- Missing patient signatures
- Releasing information to an undesignated party
- Distributing unauthorized health information
- Releasing the wrong patient’s information
- Use of unsecured devices for storing private health information
Below are a few examples of HIPAA violations in the workplace:
- When the OCR found that a physician had accessed the medical records of celebrities and other patients without permission, the University of California Los Angeles Health System was fined $865,000, and the doctor was sentenced to four months in federal prison for violating HIPAA. He was the first healthcare professional to be convicted of a HIPAA violation.
- After portable devices containing ePHI were reported missing or stolen, several violation complaints were filed against the University of Rochester Medical Center. The case was later settled for $3 million.
- The Office for Civil Rights fined the Texas Health and Human Services Commission (TX HHSC) $1.6 million for several violations, including a risk analysis failure, an access control failure, and an impermissible disclosure of patient ePHI.