Common HIPAA Patient Information Violations
A wide range of patient information is covered under HIPAA privacy statutes, which regulate how information is disclosed.
Editor's note: Renal & Urology News has launched this new department to help physicians comply with the Health Insurance Portability and Accountability Act (HIPAA). If you would like to suggest a topic, please write to Jody A. Charnow at firstname.lastname@example.org.
When the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted, its main focus was to ensure individuals could maintain health insurance when moving between jobs.
The “portability” part of the law required providers and insurers to standardize electronic data exchanged in transactions including claim information, health plan eligibility, premium payments and first report of injuries.
The “accountability” portion of the legislation was added to ensure the information included in the electronic transmissions would be safeguarded. In 1996, when the legislation was enacted, what this would mean for electronic health information was merely conjecture. Paper records were the norm and little was being shared electronically.
Other main HIPAA rules deal with privacy, security and breach notification. A wide range of patient information is covered under the privacy umbrella, which regulates how health information can be used and disclosed to others. Security deals with the confidentiality and availability of health data.
As electronic health information has become more prevalent, security is the area that has become a sticky wicket for providers. And breaches are costly.
According to Symantec, the price of a breach is nearly $200 per compromised record and almost $50,000 for a lost laptop. Healthcare breaches are estimated to cost the industry billions every year.
According to a recent report by the Office for Civil Rights (OCR), which enforces HIPAA, approximately 940 complaints have been filed since 2009, when the office began reporting enforcement results.
The most common security breaches are:
- unauthorized intentional access
- use or disclosure of health information
- human error
- loss of protected health information in either paper or electronic form
Private practices are the top offenders in HIPAA breaches.
Michelle Caswell, senior director of legal and compliance at Clearwater Compliance and former OCR HIPAA investigator, said breaches like the recent one that compromised 4.5 million patient records at Community Health Systems are highly publicized.
But smaller and preventable things like lost laptops are tripping up many physicians. “This is where we are seeing most of the violations occurring now,” she said.