Blog Post

Compendious Med Works

HIPAA violation - What it means for a healthcare organization

What a HIPAA violation means for a healthcare organization starts with the U.S. Congress's enactment of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 on August 21, 1996. HIPAA is divided into five titles, enacted to improve the portability and continuity of health insurance coverage in the group and individual markets, to simplify the administration of health insurance, and for other purposes.


Before HIPAA, it wasn't always possible for someone who had declined insurance to sign up outside of the open enrollment window. Generally accepted security standards for safeguarding health information simply did not exist in the healthcare industry before HIPAA. The implementation of HIPAA policies, procedures, and regulations ushered in a new era for the healthcare industry, giving patients peace of mind and greater confidence in healthcare organizations.

HIPAA Categorisation

HIPAA administrative safeguards are divided into several main types:

  • Security management process
  • Assigned security responsibility
  • Workforce security
  • Information access management
  • Security awareness and training
  • Business associate contracts and other arrangements


What would be considered HIPAA violations

Common HIPAA violations, what they mean, and the penalties they carry are listed below:

1) Employees disclosing information:

Employees gossiping about patients to coworkers is a HIPAA violation that can cost a practice a hefty fine. Employees must be aware of their surroundings and keep conversations about patients to private areas.

2) Mishandling of medical records:

Another very common HIPAA violation in the healthcare sector is the mishandling of patient records. Printed medical records must be kept secure and out of sight, or the practice risks a financial penalty.

3) Lost or Stolen Devices:

Theft of PHI (protected health information) through lost or stolen laptops, hard drives, phones, and other devices that contain patient data can result in HIPAA violations for which doctors can be held liable. Mobile phones are the most vulnerable to theft. Necessary security measures such as password protection and encryption should be used.

4) Texting patient information:

Texting patient data such as vital signs or test results is often an easy way for providers to relay information quickly. While it may seem safe, it potentially puts patient data in the hands of hackers who could easily access this information.

5) Social Media:

Posting patient photos and videos on social media accounts is a HIPAA violation. It may seem safe if no name is given, but someone may recognize the patient and know the doctor's specialty, which is a breach of the patient's confidentiality. All staff must be made aware that sharing such material on the internet is considered a HIPAA breach.

6) Employees unlawfully accessing patient files:

Employees accessing patient data when they are not authorized to do so is a common HIPAA violation. Whether it is out of curiosity or as a favor, this is unlawful and can cost a practice significantly. In addition, individuals who use or sell PHI for personal gain can face penalties and even jail time.

7) Social breaches:

An accidental disclosure of patient information, particularly in small towns. Most patients are not aware of HIPAA laws and may ask a well-meaning question of a healthcare provider at a social gathering about someone they know. While these questions will happen, it is wise to have a proper response prepared in advance to reduce the potential for disclosing patient information.

8) Authorization requirements:

Written authorization is required to disclose any patient's health information that is not used for treatment, payment, or healthcare operations, or otherwise permitted by the Privacy Rule. If an employee is unsure, it is always best to obtain authorization before disclosing any information.

9) Accessing patient data on home computers:

Most doctors use their home computers or tablets now and then to access patient data in order to write notes or reviews. This could potentially result in a HIPAA violation if the screen is accidentally left on and a household member uses the computer. They must make sure the computers are password protected and keep all mobile devices out of sight to reduce the risk of patient information being accessed or stolen.

10) Lack of training:

One cause of HIPAA breaches is an employee who is not familiar with HIPAA rules. Often only supervisors, executives, and medical staff receive training, although HIPAA requires that all employees, volunteers, trainees, and anyone else with access to patient information be trained. Compliance training is one of the most effective and simplest ways to avoid a breach.

Regular reviews and employee training

Overall, HIPAA compliance requires covered entities to regularly review federal rules and ensure that employees receive ongoing training. As organizations continue to adopt and implement new technologies, audits are mandatory. The same is true of risk assessments.


While it is natural to have concerns about potential HIPAA violations and what they mean for a healthcare organization, healthcare organizations cannot let those concerns disrupt their daily operations or their approach to keeping sensitive data safe. By having all HIPAA safeguards in place, paired with regular reviews and updates as required, covered entities will be in a much better position to remain HIPAA compliant.


Patients trust healthcare organizations with their health information. It is therefore of the utmost importance that these entities protect it against deliberate or accidental misuse or disclosure from internal and external sources. Now that technology is evolving and the healthcare industry is moving away from paper and relying more heavily on electronic health information systems, organizations must maintain their compliance with HIPAA requirements. With healthcare organizations facing millions of dollars in penalties for non-compliance, the best way to protect patients' health information and maintain their confidence in the organization's data security is consistent HIPAA compliance.