HIPAA Violation Examples

Data breaches and HIPAA violations are more prevalent than ever. Even with strong cybersecurity defenses protecting your systems and accounts, hacks and data breaches remain a real concern, and in the realm of online fraud and data breaches, HIPAA violations may be the most disquieting. The HIPAA violation examples below show how other organizations were affected.

One of the most common reasons a business or organization is assessed a HIPAA violation is that a data breach or hack took place. Examples of HIPAA violations that result from data breaches include stolen or lost tablets or phones, malware delivered by email, unsecured storage of records, lack of employee training, improper sharing of PHI, improper disposal of records, unauthorized release of information, and the sending of unencrypted sensitive data.

The first HIPAA enforcement action to result from a breach report filed under the HITECH Act Breach Notification Rule stemmed from an incident at Blue Cross Blue Shield of Tennessee (BCBST), which agreed to a $1.5 million settlement. The settlement followed an investigation that confirmed the theft of 57 unencrypted computer hard drives containing the protected health information of more than 1 million individuals.

HHS Office for Civil Rights Director Leon Rodriguez said of the settlement, “This settlement sends an important message that OCR expects health plans and health care providers to have in place a carefully designed, delivered, and monitored HIPAA compliance program. The HITECH Breach Notification Rule is an important enforcement tool and OCR will continue to vigorously protect patients’ rights to private and secure health information.”

To read the entire press release from HHS, see: HHS settles HIPAA case with BCBST

6 Steps On How To Avoid HIPAA Violation Fines

1. Start by reviewing your organization’s policies and procedures related to electronic Protected Health Information (ePHI). You can also hire a qualified HIPAA/HITECH consultant to assess your compliance and monitor for violations; we highly recommend hipaasolutions.org.

2. Train your staff annually on their responsibilities under HIPAA, and make sure policies and procedures are accessible at any time for employees to review.

3. Make sure all partners and vendors that handle ePHI sign a business associate agreement (BAA) committing them to HIPAA’s requirements. Every individual who handles ePHI on your behalf should be covered by such an agreement.

4. Be aware of federal HIPAA/HITECH requirements and of any applicable state privacy laws; a good practice is to check quarterly for changes to these laws. If you do not have the staff to do this research internally, engage a HIPAA/HITECH consultant.

5. No single policy, procedure or product can ensure HIPAA/HITECH compliance, so make sure that everyone in your organization understands the laws regarding HIPAA and ePHI.

6. When sending sensitive information by email, use a secure email encryption product such as NeoCertified. Keep in mind that encrypting email protects data in transit; the BCBST breach involved data at rest on stolen hard drives, so ePHI stored on laptops, phones and removable drives needs to be encrypted as well. For a consultation about different secure email products, call us at (877) 613-5036 or send an email to Info@NeoCertified.com.

Written by Andrew Stiegler

NeoCertified and its employees are not registered HIPAA advisors: any HIPAA information or advice in the article above should be reviewed with your HIPAA advisor or lawyer.