The Health Insurance Portability and Accountability Act (HIPAA) was adopted in 1996. It seeks to ensure the secure management of healthcare information and sets out rules that all healthcare organizations and their employees must follow when handling protected health information (PHI). Under HIPAA, PHI is any individually identifiable health information, including:
- Contact information
- Demographic information
- Lab test results
- Insurance information
- Medical history
As technology continues to evolve, the risks facing PHI grow with it. It is now more important than ever for organizations in the healthcare industry to comply with HIPAA and avoid costly penalties. To understand the significance of HIPAA compliance, it helps to revisit past violation cases. These cases provide practical lessons on how to avoid common HIPAA-related mistakes.
Case #1: Allergy Associates of Hartford, Conn.
Hartford-based Allergy Associates was fined $125,000 after a patient complained to the Department of Health and Human Services that a physician at the facility had disclosed her PHI to a reporter. An investigation revealed that the physician disregarded advice from the facility’s privacy officer not to respond to the media regarding claims that the woman had been turned away for bringing along her service animal. Following the disclosure, Allergy Associates took no corrective or disciplinary action against the physician.
Allergy Associates should have disciplined the physician in addition to taking corrective action to prevent similar incidents from recurring. Had it done so, the facility would probably not have been penalized. This highlights why healthcare entities should remediate such incidents immediately and hold employees accountable for their conduct. Likewise, employees should be trained on media protocols so that PHI is not disclosed to the media, intentionally or otherwise, as happened at Allergy Associates.