
10 Examples of HIPAA Violations


HIPAA violations are nothing to scoff at. These days, the minimum fine stands at $50K and can grow as large as $1.5 million for each provision of the rules. As such, healthcare professionals and insurance adjusters are all feeling the pressure, and are trying to do whatever they can to prevent falling out of compliance. But in order to stay out of trouble, you must first understand which mistakes to avoid. Here's a look at 10 common HIPAA violations:

1. Absence of a "Right to Revoke" Clause

When creating your facility's HIPAA forms, you must take care to inform patients of their right to revoke the permissions they have given for the disclosure of their confidential medical information to specific parties. Without this information, the HIPAA form is invalid, and any subsequent information released to a third party will be in violation of HIPAA regulations.

2. Release of the Wrong Patient's Information

Although it may seem obvious, the release of the incorrect patient's information can occur through careless mistakes. If your facility contains records for two patients with the same name, for example, you and your staff must be trained to correctly file all medical records, and release documents only for the authorized patient. 

3. Release of Unauthorized Health Information

When releasing information, it is imperative that you and your staff carefully verify that the requested documents have been approved for release. A patient may have requested that specific elements of their record (e.g., mental health, alcohol/drug treatment, etc.) not be released, whereas others may choose to share their entire record with a specific entity.

4. Release of Information to an Undesignated Party

In addition to verifying the PHI that has been approved for release, you must ensure that the specific recipient's authorization is in place. If the HIPAA authorization permits Jane Jones from ABC Insurance to receive a patient's healthcare record, for example, Mike Jones from ABC Insurance may not issue a request for the information. Only the exact person(s) listed on the patient's authorization form may receive confidential medical documents.

5. Failure to Adhere to the Authorization Expiration Date

Patients have the right to set an expiration date for their HIPAA authorization forms. If ABC Insurance is only authorized to receive a patient's PHI through a six-month window, you and your staff must be sure not to release confidential records beyond the authorization's expiration. From here, you will need to contact the patient and obtain a new HIPAA form before information can be submitted to the requestor.

6. Lack of Patient Signature on HIPAA Forms

Never release a patient's information to an outside party without verifying that the HIPAA form has been signed by the patient. 

7. Improper Disposal of Patient Records

Failing to shred PHI before disposal could lead to disastrous consequences. If the confidential document(s) land in the wrong hands, your facility could receive fines and be dragged into court.

8. Unprotected Storage of Private Health Information

According to Healthcare IT News, the most common culprit behind HIPAA violations is stolen laptops. When doctors or insurers store private information on an unsecured laptop, mobile device, or thumb drive, it could easily be stolen, sold, and disclosed.

9. Failure to Promptly Release Information to Patients

Per HIPAA regulations, patients have the right to quickly obtain electronic copies of their medical records upon demand. If your system is disorganized, or if the requested information is lost, you could end up violating HIPAA rules.

10. Small-scale Snooping

Here's a bit of shocking news: according to a 2011 survey by Veriphyr, the majority of HIPAA violations and security breaches are due to insiders who are snooping into the medical records of their co-workers and/or relatives. Without creating clearance levels, password protection, and tracking systems, this kind of snooping cannot be prevented.

What types of steps are you currently taking to avoid HIPAA violations within your facility?

Photo credit:  RickC via Flickr

Fig Gungor is CEO of OneSource Document Management, a New York based company that offers a broad range of customized copy and scanning services that translate into a significant savings for insurance companies, hospitals and large medical facilities.


We have a pain practice, with me and my partner 50% and an employed physician.
Many times patients come by to pick up rx for controlled substances. They are in a sealed envelope and sometimes to pick samples of drugs. Should the samples be in sealed bags / containers? Also apparently patients ask questions to the staff through the front window, i.e. is this for 30 days? Is this Percocet? Can they answer these questions through the window where others can hear? Also apparently my office manager had a conversation with a patient through the window and she felt humiliated and is filing a report with the board of medicine. What is the appropriate way to handle this situation?
Posted @ Tuesday, July 29, 2014 8:18 PM by Rasheed Siddiqui MD
Is it a HIPAA violation to print to do screen shots of my work performance that has pt med record no. and dx and discharge order to prove a cause to my employer? As well that it was taken from one building of the hospital to another because their offices are 2 blocks away from each other. Is this considered a violation when the intention was to show the employer documents to prove how much work was done? Please advise, thank you.
Posted @ Saturday, August 09, 2014 8:57 AM by marie gonzalez