<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=223160948282560&amp;ev=PageView&amp;noscript=1">

Skyscape Blog

HIPAA Violations start getting recognized and enforced

Posted by Skyscape on May 18, 2018 4:06:52 PM

The Healthcare Insurance Portability and Accountability Act (HIPAA) was signed into law in 1996  What HIPAA is universally known for is protecting the privacy of your medical information. On April 14, 2003, the law was revised with the following provisions:

“The HIPAA Privacy Rule for the first time created national standards to protect individuals’ medical records and other personal health information. Some of the most important pieces of the legislation included:

  • It gave patients more control over their health information.
  • It set boundaries on the use and release of health records.
  • It established appropriate safeguards that health care providers and others must achieve to protect the privacy of health information.
  • It held violators accountable, with civil and criminal penalties that can be imposed if they violate patients’ privacy rights.

For patients – it means being able to make informed choices when seeking care and reimbursement for care based on how personal health information may be used. Some of the benefits to patients are that:

  • It enables patients to find out how their information may be used, and about certain disclosures of their information that have been made.
  • It generally limits release of information to the minimum reasonably needed for the purpose of the disclosure.
  • It generally gives patients the right to examine and obtain a copy of their own health records and request corrections.
  • It empowers individuals to control certain uses and disclosures of their health information." Source Webpage

HIPPA

For the bulk of the life of the law and subsequent rules, there was little enforcement of HIPAA with regards to prosecution or penalties.  However, over the last several years, that has begun to change. Over the past five years, prosecutions have become more commonplace. Fines and penalties are becoming both more numerous and expensive.  In 2017, fines across the largest HIPAA violations topped out at over $20M across several large organizations.

A list of HIPAA Settlements from 2016 shows the fines, size and scale from these violations:

Covered Entity Date Amount Breach that triggered OCR investigation Individuals impacted
University of Massachusetts Amherst (UMass) November, 2016 $650,000 Malware infection 1,670
St. Joseph Health October, 2016 $2,140,500 PHI made available through search engines 31,800
Care New England Health System September, 2016 $400,000 Loss of two unencrypted backup tapes 14,000
Advocate Health Care Network August, 2016 $5,550,000 Theft of desktop computers, loss of laptop, improper access of data at business associate 3,994,175 (combined total of three separate breaches)
University of Mississippi Medical Center July, 2016 $2,750,000 Unprotected network drive 10.,000
Oregon Health & Science University July, 2016 $2,700,000 Loss of unencrypted laptop / Storage on cloud server without BAA 4,361 (combined total of two breaches)

Image Source: https://www.hipaajournal.com/ocr-hipaa-enforcement-summary-2016-hipaa-settlements-8646/

 

Topics: news, medicine, medical school, hipaa