HIPAA Violations – Ignorance of the Law is Not a Defense

In 1996 the U.S. Congress along with the Department of Health and Human Services passed the Health Insurance Portability and Accountability Act, which, basically “established a comprehensive and uniform Federal standard for ensuring privacy of genetic information.” Over the years there have been several changes to these laws, but the message remains pretty much the same; violations to the HIPPA will not be tolerated.

Medical practitioners have been too slow in embracing the new laws for patient privacy, but if you think HIPPA violations are something to be taken lightly just ask a group of twelve oncologists from Indiana who recently settled a lawsuit for non-compliance of HIPPA policies to the tune of $750,000! Before this, a lawsuit of this magnitude would have been filed against only larger practices, or hospitals, but with this case the Department of Health and Human Services of Civil Rights (OCR) is sending a message loud and clear –


Just to give you an idea of some of the more common “minor” violations that may seem harmless to the casual observer take a look at a few examples of HIPPA violations to better understand just how serious the OCR is about confidentiality.

One tricky area is when medical employees take their work home with them and discuss sensitive matters with family and friends. If you work in health services, where law protects private patient data, do not make the mistake of passing sensitive information about patients on to friends, spouses, or loved ones. This is a big no-no, and a direct violation which can land you, and your employer in hot water should those people share that information with the wrong person.

Another common violation, which may not seem like “not that big of a deal” to many, is failing to log off of computers where private information is stored. Internet security is a vital to the protection of patient information. Walking away from a computer without logging out opens the door for anyone to be able to access, and use confidential information.

If you are guilty of these activities then it would be wise for you, and your fellow staff members to discuss the basics of HIPPA policy in order to avoid a devastating lawsuit, or other penalties, which may not only cost you your job, but also possibly a large fortune. Not only should you, and your team be in full compliance with existing HIPPA rules at all times, by staying updated on current changes, and addendums to policies you’ll be protecting yourself, and your practice from unnecessary risks.