HIPAA Violations: Failure to Protect Patient Healthcare Information Can Result in Litigation
By law, healthcare providers and medical institutions are required to take the security of patient health information seriously. However, not all of them are committed to protecting the privacy of their patients.
For this reason, lawmakers passed the Health Insurance Portability and Accountability Act, also known as HIPAA. The legislation has numerous policies that address the privacy and security of patient health data.
Unfortunately, many organizations fail to comply with HIPAA rules, which increases the risk of data breaches. Some medical institutions have insufficient procedures to mitigate the risks of HIPAA breaches, while others underestimate the importance of revisiting their policies.
The Risk of Data Breaches
Many patients across the U.S. believe that privacy and security breaches are more likely to happen in larger organizations, such as hospitals, clinics, and health systems. However, both larger and smaller medical practices are susceptible to data breaches.
Privacy and security breaches can take various forms, including:
- Loss of data
- Information theft
- Hacking of patient health information
- Fraudulent activity, including fraudulent misrepresentation
- Improper disposal of records
- Inadvertent disclosure
Smaller healthcare facilities are more likely to be unaware of all the potential risks, which makes them even more vulnerable to data breaches.
How Medical Employees Can Pose a Risk
While most people working in medical institutions would not knowingly steal patient information, they may violate HIPAA regulations through improper or careless use of patient health data.
Medical professionals and other employees can put their entire organization at risk when they take shortcuts or fail to comply with HIPAA procedures to the letter. For instance, if a doctor is in a hurry and shares the password to his medical record with a colleague so that the colleague can update a record in his absence, this could create the risk of a security breach.
Other examples of HIPAA violations include discussing private health information online or over the phone in a public area, and forgetting to log off a computer that contains private health information. Such violations could trigger physician practice litigation.
HIPAA Complaints: Statistics and Causes
Since 2003, the Office for Civil Rights (OCR) has received nearly 106,000 HIPAA complaints. Of these, approximately 1,200 resulted in compliance reviews.
Most of these cases were resolved by:
- Requiring changes in privacy procedures
- Ordering corrective actions
- Providing technical assistance
OCR has investigated HIPAA violation complaints against entities such as:
- Hospital chains
- Medical centers
- National pharmacy chains
- Group health plans
- Small provider offices
The report by the OCR indicates that most HIPAA compliance violations were caused by:
- Disclosure or impermissible use of protected health information
- Inadequate protection of patient health information
- Lack of patient access to their own health data
- Improper administrative safeguards of electronic protected health information
- Disclosure of more than the minimum required protected information
Although the vast majority of HIPAA complaints are resolved through the OCR, there are 540 known referrals that were made to the Department of Justice to initiate a criminal investigation. Often, a criminal investigation is required in cases that involve the deliberate disclosure or obtaining of protected patient health data in violation of the HIPAA rules.
If you or your medical organization is being accused of HIPAA violations, contact our West Palm Beach physician practice management & litigation attorneys at Pike & Lustig, LLP. Discuss your options in handling litigation by calling 561-291-8298.