What Constitutes a HIPAA Violation?

The Health Insurance Portability and Accountability Act, which was passed in 1996 with the aim of simplifying the administration of healthcare, eliminating wastage, preventing healthcare fraud, and ensuring that employees could maintain healthcare coverage when between jobs, is thought of as a landmark piece of legislation in the U.S.

Since it was passed, there have been some major updates to HIPAA, including the HIPAA Privacy Rule, HIPAA Security Rule, HIPAA Omnibus Rule, and the HIPAA Breach Notification Rule. These updates were aimed at increasing privacy protections for patients and health plan members, to try to ensure that healthcare data is completely secure and the privacy of patients is protected.

A HIPAA violation occurs when an organization or individual is not in compliance with any aspect of the HIPAA standards and provisions detailed in 45 CFR Parts 160, 162, and 164.

The combined text of all HIPAA regulations made public by the Department of Health and Human Services Office for Civil Rights runs to 115 pages and contains a great number of different provisions. There are hundreds of ways that HIPAA Rules can be breached, although the most commonly seen HIPAA violations are:

How are HIPAA Violations Found?

Most HIPAA violations are found by HIPAA-covered entities during internal audits. Supervisors may discover employees who have breached HIPAA Rules and employees often self-report HIPAA violations and potential HIPAA breaches by co-workers.

The HHS’ Office for Civil Rights enforces HIPAA Rules and investigates complaints of HIPAA violations reported by healthcare employees, patients, and health plan members. OCR also investigates all covered entities that report breaches of more than 500 records and conducts investigations into certain smaller breaches. OCR also conducts periodic audits of HIPAA-covered entities and business associates.

State attorneys general also have the authority to look into breaches, and their investigations are often conducted in response to complaints about possible HIPAA violations and when reports of breaches of patient records are submitted.

What are the Penalties for Breaches of HIPAA Rules?

The penalties for breaking HIPAA Rules can be very high for those responsible. State attorneys general can issue fines as high as $25,000 per violation category, per calendar year. OCR can impose financial penalties of up to $1.5 million per violation category, per year. Multi-million-dollar fines can be – and have previously been – issued.

While healthcare providers, health plans, and business associates of covered entities can receive financial penalties, there are also potential fines for individuals who break HIPAA Rules, and criminal penalties may apply. A jail term for breaking HIPAA is a possibility, with some violations carrying a punishment of up to 10 years in jail.