10 Examples of HIPAA Violations


HIPAA violations are nothing to scoff at. These days, the minimum fine stands at $50K and can grow as large as $1.5 million for each provision of the rules. As such, healthcare professionals and insurance adjusters are all feeling the pressure and are doing whatever they can to avoid falling out of compliance. But to stay out of trouble, you must first understand which mistakes to avoid. Here's a look at 10 common HIPAA violations:

1. Absence of a "Right to Revoke" Clause

When creating your facility's HIPAA forms, you must take care to inform patients of their right to revoke the permissions they have given for the disclosure of their confidential medical information to specific parties. Without this information, the HIPAA form is invalid, and any subsequent information released to a third party will be in violation of HIPAA regulations.

2. Release of the Wrong Patient's Information

Although it may seem obvious, the release of the incorrect patient's information can occur through careless mistakes. If your facility contains records for two patients with the same name, for example, you and your staff must be trained to correctly file all medical records, and release documents only for the authorized patient. 

3. Release of Unauthorized Health Information

When releasing information, it is imperative that you and your staff carefully verify that the requested documents have been approved for release. A patient may have requested that specific elements of their record (e.g., mental health, alcohol/drug treatment, etc.) not be released, whereas others may choose to share their entire record with a specific entity.

4. Release of Information to an Undesignated Party

In addition to verifying the PHI that has been approved for release, you must ensure that the specific recipient's authorization is in place. If the HIPAA authorization permits Jane Jones from ABC Insurance to receive a patient's healthcare record, for example, Mike Jones from ABC Insurance may not issue a request for the information. Only the exact person(s) listed on the patient's authorization form may receive confidential medical documents.

5. Failure to Adhere to the Authorization Expiration Date

Patients have the right to set an expiration date for their HIPAA authorization forms. If ABC Insurance is only authorized to receive a patient's PHI through a six-month window, you and your staff must be sure not to release confidential records beyond the authorization's expiration. From here, you will need to contact the patient and obtain a new HIPAA form before information can be submitted to the requestor.

6. Lack of Patient Signature on HIPAA Forms

Never release a patient's information to an outside party without verifying that the HIPAA form has been signed by the patient. 

7. Improper Disposal of Patient Records

Failing to shred PHI before disposal could lead to disastrous consequences. If the confidential document(s) land in the wrong hands, your facility could receive fines and be dragged into court.

8. Unprotected Storage of Private Health Information

According to Healthcare IT News, the most common culprit behind HIPAA violations is stolen laptops. When doctors or insurers store private information on an unsecured laptop, mobile device, or thumb drive, it could easily be stolen, sold, and disclosed.

9. Failure to Promptly Release Information to Patients

Per HIPAA regulations, patients have the right to quickly obtain electronic copies of their medical records upon demand. If your system is disorganized, or if the requested information is lost, you could end up violating HIPAA rules.

10. Small-scale Snooping

Here's a bit of shocking news: according to a 2011 survey by Veriphyr, the majority of HIPAA violations and security breaches are due to insiders who are snooping into the medical records of their co-workers and/or relatives. Without creating clearance levels, password protection, and tracking systems, this kind of snooping cannot be prevented.

What types of steps are you currently taking to avoid HIPAA violations within your facility?

Photo credit:  RickC via Flickr


Fig Gungor is CEO of OneSource Document Management, a New York based company that offers a broad range of customized copy and scanning services that translate into a significant savings for insurance companies, hospitals and large medical facilities.


If someone that's a receptionist in a hospital took a picture of a patient's prescription with her iPhone and sent it to a friend of the receptionist that doesn't know the patient, would that be a HIPAA violation? If so, how serious could the penalties be on the receptionist? The reason she sent the picture was to comment / joke about a mutual friend's (prescribing doctor) handwriting.
Posted @ Saturday, August 31, 2013 5:09 AM by Jared
I work as a nurse in a juvenile correctional facility. Periodically, minors are sent out to the emergency room for treatment. Upon return to our facility, the supervising correctional officer, also known as the watch commander, demands to review emergency room documentation "before" the nurse has reviewed it. There are orders usually to transcribe and a diagnosis to review, but the nurse has to wait until the emergency room documentation has been reviewed by a non-health care employee/supervisor. Is this a HIPAA violation? I've never seen this before. Give me your input please.
Posted @ Sunday, January 12, 2014 6:48 AM by Ray
Is it a HIPAA violation as a paramedic to release the transport destination of a patient to a family member?
Posted @ Tuesday, February 11, 2014 6:49 PM by Luke
We have a pain practice, with me and my partner 50% and an employed physician.
Many times patients come by to pick up rx for controlled substances. They are in a sealed envelope and sometimes to pick samples of drugs. Should the samples be in sealed bags / containers? Also apparently patients ask questions to the staff through the front window, i.e., is this for 30 days? Is this Percocet? Can they answer these questions through the window where others can hear? Also apparently my office manager had a conversation with a patient through the window and she felt humiliated and is filing a report with the board of medicine. What is the appropriate way to handle this situation?
Posted @ Tuesday, July 29, 2014 8:18 PM by Rasheed Siddiqui MD
I have some coworkers that ask me why my family member gets certain medications from their Dr. I work at the pharmacy that the family uses, is that a violation of HIPAA?
Posted @ Thursday, July 31, 2014 12:00 PM by Kelli
Is it a HIPAA violation to print to do screen shots of my work performance that has pt med record no. and dx and discharge order to prove a cause to my employer? As well that it was taken from one building of the hospital to another because their offices are 2 blocks away from each other. Is this considered a violation when the intention was to show the employer documents to prove how much work was done? Please advise, thank you.
Posted @ Saturday, August 09, 2014 8:57 AM by marie gonzalez
Evernote is a powerful tool for going paperless. I understand that if the data resides outside the computer, Evernote is not HIPAA compliant. 
If the Evernote data is stored ONLY on the computer and the computer is locked in a safe place and backed up, can Evernote then be used?
Posted @ Thursday, September 04, 2014 8:24 AM by David Morrison
Good website.
Posted @ Tuesday, September 09, 2014 1:20 PM by Anne Kenny
According to HIPAA, can nurses, CNAs and other staff discuss patient information in common areas like Nurses Stations and semi private patient rooms where conversations might be overheard?
Posted @ Wednesday, September 10, 2014 6:18 PM by william davila
I'm in the lobby and the receptionist is talking about me on speaker phone, asking about personal questions and medical issues. Is this legal? Two other people heard the conversation. I ran outside crying. The last said because she worked there she had the right to hear the conversation.
Posted @ Wednesday, September 10, 2014 6:35 PM by monica
If an employee transports (takes) a patient's prescription from their employer's office to their home overnight and transports their prescription to another facility, is that a HIPAA violation?
Posted @ Friday, September 12, 2014 8:05 AM by John Doe