May 10, 2019
Potential HIPAA Security Violations
By Adrian Johansen, freelance writer; @AdrianJohanse18.
Your health is the most personal part of your life. Going into a doctor’s office or hospital makes a person feel vulnerable, even if they’re only there for a routine checkup. There’s an unspoken trust between patient and doctor that whatever is discussed or recorded will remain private. When your protected health information (PHI) gets out, either accidentally or purposefully, it can be embarrassing and seriously affect your life.
The Health Insurance Portability and Accountability Act (HIPAA) has been around since 1996. It was created to formalize data and privacy security requirements so that PHI remains safe. Healthcare administrators and staff such as nurses who work with patient records must be trained in these regulations, and they also must know how to handle HIPAA violations.
The growth of HIPAA violations
HIPAA compliance has always been important, but it’s become even more of a hot topic in recent years as the number of data breaches has climbed. Between 2009 and 2015, HIPAA violations occurred mainly because of loss or theft of healthcare records and PHI. Encryption and improved policies reduced those types of breaches. From 2015 to 2018, top causes of HIPAA violations included hacking incidents and unauthorized access and disclosures. There’s more than one healthcare data breach reported per day, and nearly 190,000,000 healthcare records have been stolen or exposed since 2009.
Common HIPAA security violations
A HIPAA violation involves the loss of, or unauthorized access to, PHI. This includes identifying information that gets out, such as the patient’s name, date of birth, contact information, photos, or healthcare records. A data breach may occur when:
- A tech device, like a laptop, smartphone or USB, is lost or stolen
- PHI is accidentally sent to the wrong patient
- A break-in at the medical office results in theft of patient records
- A cybersecurity breach occurs, like hacking, malware or ransomware
- Employees talk about PHI outside the medical office
- There’s a security breach by a business associate or another unauthorized individual
- PHI is shared online (such as via social media) or via text
- A mobile health app is developed without following software-specific HIPAA requirements
- Privacy rights are violated while discussing a case in court. Note that there are times when privacy laws may be temporarily waived, like during a medical malpractice case.