What is a HIPAA violation?

Featured image

Share this article

Data breach at the Federal Defense Information Systems Agency (DISA)

U.S. Health and Human Services’ (HHS) HIPAA, the Health Insurance Portability and Accountability Act, protects the rights and privacy of patients.

Healthcare covered entities (CEs) must follow this set of regulations and standards or face a HIPAA violation if found noncompliant.

Let’s take a closer look at this accountability and how to avoid HIPAA violations.

What is a HIPAA violation?

A HIPAA violation under the privacy rule occurs when a CE (or a business associate (BA)) does not properly safeguard its protected health information (PHI).

HIPAA compliance (i.e., not committing a violation) is about reducing the risk of a breach to an appropriate and acceptable level with security measures such as HIPAA compliant email.

SEE RELATED: The Complete Guide to HIPAA Violations

And a breach can be due to either negligence or an accident.

While both are likely to result in a fine, a breach does not automatically mean a violation (as long as a CE demonstrates its due diligence).

But if a violation does occur, depending on the outcome of the HHS Office for Civil Rights’ (OCR) investigation, fines can be $100 to $1.5 million along with possible jail time.

Common HIPAA violations

HIPAA compliance is much more complex today than in the past.

Of the 144 January–June 2016 OCR Breach Portal incidences (4,544,119 affected individuals), only 44 (30%) were hacking/IT-related.

Most (42%) were from unauthorized access/disclosure; only 21 (15%) were email breaches.

SEE RELATED: 7 Common HIPAA Violations You Need to Avoid

Since then, hacking/email incidences have increased drastically.

For January–June 2020, the OCR portal lists 196 PHI breaches (4,538,867 affected individuals).

And of these, 60% are from hacking/IT incidents, followed by unauthorized access/disclosure (23%), theft (8%), improper disposal (6%), and loss (4%).

The majority were email (45%) or network (22%) breaches.

On June 15, Becker’s Hospital Review listed 10 common reasons for HIPAA violations:

  1. Employee email phishing attacks
  2. Malware and ransomware attacks on networks
  3. Medical records snooping
  4. Improper disposal of medical records
  5. Theft of medical records
  6. Non-compliance third-party BA agreements
  7. Downloading PHI on unauthorized devices
  8. Medical records exposed during natural disasters
  9. PHI accidentally posted online
  10. Loss of medical records

While not in any specific order, the list is comparable to the portal’s breakdown.

In other words, phishing/malware is currently a major cause of breaches and HIPAA violations.

So how can you avoid a HIPAA violation?

One of the easiest ways to avoid a HIPAA violation is by focusing on compliance and risk analysis reviews that help discover breaches before they cause damage or are identified by OCR.

And beyond these necessary analyses, every CE must implement a compliance program that eliminates as much risk as possible in order to block and uncover almost every actual, possible, and probable breach.

A good compliance plan should include (but not be limited to):

  • Employee awareness training
  • Policies/procedures on work/personal device use
  • Access controls
  • Inbound/outbound email security
  • Separate networks for sensitive data
  • Offline data backups
  • Policies/procedures for data disposal.

In short, avoiding a HIPAA violation means actively and continuously finding the right combination of security features, for an organization and its patients.

Try Paubox Email Suite for FREE today.
Author Photo

About the author

Kapua Iao

Read more by Kapua Iao

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022