99MGMT Blog

What Constitutes a HIPAA Violation? 4 Mistakes to Avoid

Posted by 99 MGMT on


The Health Insurance Portability and Accountability Act (HIPAA) of 1996 helped cut down on healthcare fraud and ensured that employees could maintain healthcare coverage while between jobs. Since its original passage, HIPAA has been updated several times to strengthen privacy protection for patients and health plan members.

However, HIPAA violations are now among the most common compliance issues in healthcare. So what constitutes a HIPAA violation, and what happens after one occurs?

What Constitutes a HIPAA Violation?

A HIPAA violation is any failure to comply with the standards and provisions of HIPAA. Most often it occurs when Protected Health Information (PHI) is accessed, used, or disclosed in a manner HIPAA does not permit, putting the patient's privacy at risk.

There are hundreds of different ways that a HIPAA violation can occur, with some of the most common being:

  • Failure to properly dispose of PHI
  • Unauthorized access to PHI
  • Theft of patient records
  • Failure to provide patients with requested copies of their PHI
  • Mailing PHI to the wrong recipient
  • Texting PHI
  • Sharing PHI online or through social media

What Happens After a HIPAA Violation Occurs?

Your HIPAA business associate compliance checklist should spell out exactly how to respond when a violation occurs. In general, though, what follows a violation depends on its type. HIPAA violations fall into two categories:

  • Civil HIPAA violations
  • Criminal HIPAA violations

Civil HIPAA Violations

Civil HIPAA violations are those committed without criminal intent. They result from carelessness, ignorance of the law, or neglect of known obligations rather than from a deliberate attempt to misuse PHI.

These violations typically result in a fine. The penalty size depends on the level of culpability behind the specific act, and the tiers below are minimums per violation, subject to an annual cap for violations of the same provision and adjusted periodically for inflation.

  • A minimum of $100 per violation if the individual did not know, and could not reasonably have known, that they were committing a HIPAA violation
  • A minimum of $1,000 per violation if there was reasonable cause and the individual did not act with willful neglect
  • A minimum of $10,000 per violation if the individual acted with willful neglect but corrected the issue within 30 days of discovering it
  • A minimum of $50,000 per violation if the individual acted with willful neglect and did not correct the issue within that time

Under the HIPAA Breach Notification Rule, a business associate that discovers a breach of unsecured PHI must report it to the covered entity without unreasonable delay, and no later than 60 days after discovery; the covered entity in turn must notify the affected individuals within the same 60-day window.

Criminal HIPAA Violations

A criminal violation occurs when an individual knowingly and deliberately obtains or discloses PHI in violation of HIPAA, for example by intentionally posting a patient's information on social media.

For obvious reasons, these violations are accompanied by much harsher penalties.

  • A fine of up to $50,000 and up to 1 year in prison if the individual knowingly obtained or disclosed PHI
  • A fine of up to $100,000 and up to 5 years in prison if the individual committed the violation under false pretenses
  • A fine of up to $250,000 and up to 10 years in prison if the individual committed the violation with intent to sell, transfer, or use the PHI for commercial advantage, personal gain, or malicious harm (for example, selling PHI)

4 HIPAA Mistakes to Avoid

There are some simple mistakes you should aim to avoid in order to prevent HIPAA violations, including:

  • Leaving your device in an insecure location
  • Sharing private information with unauthorized individuals
  • Incorrectly disposing of PHI documents
  • Accessing PHI from an insecure location

Leaving Your Device in an Insecure Location

Any device that contains sensitive patient information should be kept in a secure location, safe from prying eyes, and locked and encrypted whenever it is unattended. An encrypted device that is lost or stolen does not expose the PHI stored on it; an unencrypted one does.

Sharing Private Information With Unauthorized Individuals

This one may seem obvious, but it is a mistake that occurs every day. Always remember that private information may only be shared with authorized individuals and personnel. And no, that does not include your closest friends and family.

Incorrectly Disposing of PHI Documents

There is a right way and a wrong way to dispose of PHI documents, and the difference matters to your patients. Paper records should be shredded, pulped, or otherwise rendered unreadable, and electronic media should be wiped or physically destroyed, before disposal. A record dropped intact into the trash or recycling remains readable to anyone who picks it up.

Accessing PHI From an Insecure Location

There should rarely be a need for you to access PHI outside of your scheduled work hours. If you do, make sure it is from a secure location and not from somewhere public, such as a coffee shop, where your screen can be read over your shoulder and the network is shared with strangers.

Avoiding HIPAA Violations

HIPAA violations slow down workplace productivity, result in large penalties for those involved, and create an overall impression of unprofessionalism for your company.

It is vital that you and your team avoid the careless, simple mistakes that affect the company as a whole. Preventing them takes a company-wide effort (and perhaps the help of a practice management partner).
