8/12/2019 Hipp

1/2

10 Examples of HIPAA Violations

Posted by Fig Gungoron Tue, Jul 09, 2013

Email Article

Object2

Object3

Share6

HIPAA violations are nothing to scoff at. These days, the minimm fine stands at !"0# and can gro$ as

large as !1." million for each provision of the rles. As sch, healthcare professionals and insrance

ad%sters are all feeling the pressre, and are trying to do $hatever they can to prevent falling ot of compliance. &t in order

to stay ot of tro'le, yo mst first nderstand $hich mista(es to avoid. Here)s a loo( at 10 common HIPAA violations*

1. Absence of a "Right to Revoke" Clause

+hen creating yor facility)s HIPAA forms, yo mst ta(e care to inform patients of their right to revo(e the permissions they

have given for the disclosre of their confidential medical information to specific parties. +ithot this information, the HIPAA

form is invalid, and any s'seent information released to a third party $ill 'e in violation of HIPAA reglations.

2. Release of the Wrong Patient's Inforation

Althogh it may seem o'vios, the release of the incorrect patient)s information can occr throgh careless mista(es. If yor

facility contains records for t$o patients $ith the same name, for example, yo and yor staff mst 'e trained to correctly file

all medical records, and release docments only for the athori-ed patient.

!. Release of nauthori#e$ %ealth Inforation

+hen releasing information, it is imperative that yo and yor staff $or( to careflly verify that the reested docments

have 'een approved for release. A patient may have reested that specific elements of their record ie* mental health,

alcohol/drg treatment, etc. not 'e released, $hereas others may choose to share their entire record $ith a specific entity.

&. Release of Inforation to an n$esignate$ Part

In addition to verifying the PIH that has 'een o(ayed to 'e released, yo mst ensre that the specific recipient)s

athori-ation is in place. If the HIPAA athori-ation permits ane ones from A&2 Insrance to receive a patient)s healthcare

record, for example, 3i(e ones from A&2 Insrance may not isse a reest for the information. 4nly the exact persons

listed on the patient)s athori-ation form may receive confidential medical docments.

(. )ailure to A$here to the Authori#ation *+,iration -ate

Patients have the right to set an expiration date for their HIPAA athori-ation forms. If A&2 Insrance is only athori-ed to

receive a patient)s PHI throgh a six month $indo$, yo and yor staff mst 'e sre to not release confidential records

Object1

http://www.onesourcedoc.com/blog/?Author=Fig+Gungorhttp://www.onesourcedoc.com/blog/bid/95168/10-Examples-of-HIPAA-Violations#emart-form-anchorhttp://www.onesourcedoc.com/blog/bid/95168/10-Examples-of-HIPAA-Violations#emart-form-anchorhttp://www.onesourcedoc.com/blog/bid/95168/10-Examples-of-HIPAA-Violations#emart-form-anchorhttp://www.onesourcedoc.com/blog/bid/95168/10-Examples-of-HIPAA-Violations#emart-form-anchorhttp://www.onesourcedoc.com/blog/?Author=Fig+Gungor

8/12/2019 Hipp

2/2

'eyond the athori-ation)s expiration. 5rom here, yo $ill need to contact the patient and o'tain a ne$ HIPAA form 'efore

information can 'e s'mitted to the reestor.

6. ack of Patient Signature on %IPAA )ors

6ever release a patient)s information to an otside party $ithot verifying that the HIPAA form has 'een signed 'y the

patient.

/. I,ro,er -is,osal of Patient Recor$s

5ailing to shred PHI 'efore disposal cold lead to disastros conseences. If the confidential docments land in the $rong

hands, yor facility cold receive fines and 'e dragged into cort.

0. n,rotecte$ Storage of Private %ealth Inforation

According to Healthcare IT 6e$s, the most common clprit 'ehind HIPAA violations is stolen laptops. +hen doctors or

insrers store private information on an nsecred laptop, mo'ile device, or thm'nail drive, it cold easily 'e stolen, sold,

and disclosed.

. )ailure to Pro,tl Release Inforation to Patients

Per HIPAA reglations, patients have the right to ic(ly o'tain electronic copies of their medical records pon demand. If

yor system is disorgani-ed, or if the reested information is lost, yo cold end p violating HIPAA rles.

1. Sall3scale Snoo,ing

Here)s a 'it of shoc(ing ne$s* according to a 7011 srvey 'y Veriphyr, the ma%ority of HIPAA violations and secrity 'reaches

are de to insiders $ho are snooping into the medical records of their co8$or(ers and/or relatives. +ithot creating clearance

levels, pass$ord protection, and trac(ing systems, this (ind of snooping cannot 'e prevented.

+hat types of steps are yo crrently ta(ing toavoid HIPAA violations$ithin yor facility9

ey committed a Level 3 HIPAA violation that comes with not just financial penalties but can also get

them up to 10 years of jail time A Level 3 HIPAA violation is !an offense committed with the intent to

sell" transfer" or use individually identifiable health information for commercial advantage" gain or

malicious harm

#hey are in violation of $ubtitle % of A&&A $ec 13'01 (Application of $ecurity Provisions and Penalties to

)usiness Associates of *overed +ntities,

#hey are in violation of $ubtitle % of A&&A $ection 13'0-(1, . ()reach of $ecurity,

#he last / can hold them liable for penalties under the HI#+*H Act

#hey will be in clear violation of HIPAA (!no permissible business purpose in divulging protected healthinformation to anyone on an account!, should they ever inuire" report" update or verify anything on the

credit report

http://www.onesourcedoc.com/insurance/partnership/http://www.onesourcedoc.com/insurance/partnership/http://www.onesourcedoc.com/insurance/partnership/http://www.onesourcedoc.com/insurance/partnership/