
4 HIPAA Violation Cases and What Companies Can Learn from Them

4 HIPAA Violation Cases: Cautionary Tales for Businesses

Do you have a company dealing with patient health data? If yes, you need to seriously think about HIPAA compliance. Check out these HIPAA violation cases to know what you’re in for if you don’t comply with HIPAA’s rules.

The Health Insurance Portability and Accountability Act (HIPAA) sets national standards for how protected health information (PHI) may be stored, accessed and disclosed.

Breaking this law can have serious consequences, including jail time and massive fines. As you’ll soon see in these HIPAA violation cases, it’s easy to overlook things that are actually serious violations.

Keep reading to find out what you can learn from these four cases to avoid becoming a cautionary tale yourself.

1. Train Employees

It can’t be stressed enough how important it is to make sure every employee is trained to avoid HIPAA violations. And it’s not enough to have them read over the guidelines on their first day.

Ongoing HIPAA training helps prevent violations because the rules stay at the front of employees’ minds. In addition to training, having audit logging on your record system that catches improper access as it happens keeps a lapse from turning into a breach.

This lesson was learned the hard way by a clinic located in Virginia. When a high-profile patient came in, 14 of their employees couldn’t resist opening the electronic file. However, because the record system logged every access, all 14 improper accesses were caught and the employees were promptly fired.
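The control that caught those 14 accesses is an audit-log review: every chart open is recorded, and anyone who opens a chart without a treatment, payment or operations reason is flagged. The following is an added example, not code from the original post or from any particular EHR vendor. The CSV audit export, the care-team roster and the user names are all constructed for illustration, and the field names are assumptions; real systems use their own schemas.

```python
"""
Added example (not from the original post): a minimal audit-log check for
EHR chart access that flags users who open a patient record without being
on that patient's care team. All log lines, names and the roster below are
constructed for illustration; the field names are assumptions.
"""
import csv
from collections import defaultdict
from io import StringIO

# Constructed EHR access-audit export (CSV). Field names are assumptions.
AUDIT_LOG = """\
timestamp,user,patient_id,action
2023-03-01T08:02:11,rnlee,P1001,view
2023-03-01T08:05:47,drpatel,P1001,view
2023-03-01T08:06:02,frontdesk1,P1001,view
2023-03-01T08:06:30,billing2,P1001,view
2023-03-01T09:15:00,rnlee,P2002,view
2023-03-01T09:20:10,billing2,P2002,view
"""

# Constructed care-team roster: which users have a treatment, payment or
# operations reason to open each chart.
CARE_TEAM = {
    "P1001": {"rnlee", "drpatel"},
    "P2002": {"rnlee", "drgomez", "billing2"},
}

# Charts under heightened monitoring (for example a high-profile patient).
# Accesses to these should be reviewed immediately, not in a weekly batch.
VIP_PATIENTS = {"P1001"}


def parse_audit_log(text):
    """Parse a CSV audit export into a list of dict rows."""
    return list(csv.DictReader(StringIO(text)))


def find_unauthorized_access(rows, care_team, vip_patients):
    """Return (user, patient_id, timestamp, severity) for every access by a
    user who is not on the patient's care team. Severity is 'high' for VIP
    charts and 'medium' otherwise. A chart with no roster entry is treated
    as 'nobody is authorized', so unknown charts fail closed rather than
    being silently skipped."""
    findings = []
    for row in rows:
        authorized = care_team.get(row["patient_id"], set())
        if row["user"] not in authorized:
            severity = "high" if row["patient_id"] in vip_patients else "medium"
            findings.append(
                (row["user"], row["patient_id"], row["timestamp"], severity)
            )
    return findings


def summarize_by_user(findings):
    """Count flagged accesses per user, which is what HR will ask for."""
    counts = defaultdict(int)
    for user, *_ in findings:
        counts[user] += 1
    return dict(counts)


if __name__ == "__main__":
    rows = parse_audit_log(AUDIT_LOG)
    findings = find_unauthorized_access(rows, CARE_TEAM, VIP_PATIENTS)
    for user, pid, ts, sev in findings:
        print(f"[{sev.upper()}] {ts} user={user} opened chart {pid} "
              f"without a care-team assignment")
    print(summarize_by_user(findings))
```

Run against the constructed log, the check flags `frontdesk1` and `billing2` for opening the VIP chart `P1001`, while `billing2` opening `P2002` passes because that user is on the roster for that patient. The fail-closed handling of charts that have no roster entry is deliberate: a missing roster is a data problem to fix, not a reason to stop reviewing access.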

2. Consider Waiting Room Design

HIPAA compliance starts in the waiting room. One private practice was investigated after a violation and had to completely change the way their waiting room was set up.

The first lesson to learn here is in regards to the position of the computer monitors. They should not be placed in such a way that any patients or other visitors can see them at any time.

Additionally, any conversation that could reveal what a patient has come in for needs to happen in private. In this violation case, a staff member explained HIV-testing procedures to a waiting patient in front of other patients.

3. Keep Track of Data Storage Devices

The simplest way to avoid a HIPAA violation involving portable devices is to keep patient data off laptops and flash drives altogether. These are easily lost or stolen, and if the data on them was not encrypted, the loss is a reportable breach that can carry a severe fine.

A cardiac monitoring device vendor settled with the Office for Civil Rights (OCR) for $2.5 million after a laptop holding hundreds of patient records was stolen from a vehicle.

A similar incident occurred at a private dermatology practice when an employee misplaced a flash drive holding patient records. The practice paid a $150,000 fine and had to change its policies regarding portable storage devices.

4. Don’t Allow Professionals to Treat Acquaintances

When a patient’s diagnosis puts a clinician’s own friend or family member at risk, the temptation to warn them can prove too strong. That was the case for a nurse in New York.

After her sister-in-law’s boyfriend was diagnosed with an STD, she couldn’t help but warn her sister-in-law about it. It cost the nurse her job, and the clinic is still in litigation with the patient whose confidentiality was violated.

Takeaways from These HIPAA Violation Cases

Hopefully, you picked up a few tips from these HIPAA violation cases so you can avoid making the same mistake in your own health-related business. Here are the tips in review:

  • Provide ongoing training for employees
  • Position computer monitors so patients can’t see them
  • Don’t discuss procedures or patient information in the waiting room
  • Don’t store patient data on portable storage devices
  • Avoid allowing nurses and doctors to treat people they know

For more help in keeping your practice or business HIPAA-compliant, contact us today!


    Immersion Security

    Providers of vCISO (Virtual Chief Information Security Officer), Secure MSP (Managed Service Provider), Compliance and Consulting.

    Immersion Security is a team of dedicated cyber security experts and researchers who are dedicated to bringing the best and most up-to-date information, technology, and practices to your business.

    ADDRESS

    37 N. Orange Ave.
    Orlando, FL 32801

    PHONE

    833-828-2732

    EMAIL

    info@immersionsecurity.com