Since the HIPAA compliance date for privacy was implemented in April 2003, nearly 100,000 complaints falling under this umbrella have been submitted to the Department of Health and Human Services.

This number sounds staggering, but nearly 74,000 were not eligible for enforcement or no violation was found.

Continue Reading

The top 5 issues that are most investigated, in order of frequency are: 

  1. use and disclosure of information without permission
  2. lack of safeguard protecting information
  3. not providing patients with access to health information
  4. disclosing more than the minimum necessary information
  5. having administrative safeguards of electronic health information

Many of the slipups here are also preventable, Caswell said. She has seen reports of employees intentionally accessing medical records without permission or people in the billing department accidentally viewing physicians’ notes and disclosing the information to someone else.

She has known of patients taking photographs when a physician leaves an exam room without logging out of his or her computer screen and using that as evidence to show they could see other patients’ information.

“A lot of it comes from disgruntled people,” she said. “Someone is sent a bill and they don’t want to pay, so they will find a reason to complain. People know about this and they do it.”

And filing complaints is easy. Patients can go to the OCR site, file online, and a complaint is sent to the regional office that is responsible for investigations.

Many of the complaints do not cause problems for physicians, but it is important to understand that one complaint is enough to allow someone in your doors to look at your whole system, Caswell said.

During her time as an investigator, she saw one privacy complaint that ended up netting 22 more after an organization opened its system for investigation.

“If Dr. Smith doesn’t log off of a computer when he leaves the room … it opens Pandora’s box.”