What is a HIPAA Violation?
The Health Insurance Portability Accountability Act (HIPAA) violations occur when the acquisition, access, use, disclosure of Protected Health Information (PHI) is done in a way that results in a significant personal risk of the individual.
TOP 10 HIPAA VIOLATIONS
- Failure to perform an organization-wide Risk Analysis
- Lack of a Risk Management Process / Failure to manage Security Risks
- Unsecured Protected Health Information (PHI) / Insufficient Electronic Protected Health Information (ePHI) Access Control
- Lack of HIPAA Compliance and Privacy Training
- Leaving portable electronic devices and paperwork unattended
- Failure to use encryption, or an equivalent measure, to safeguard ePHI on portable devices
- Unauthorized release of PHI/ePHI
- Impermissible disclosure of PHI/ePHI
- Failure to report a data breach
- Improper disposal of records containing PHI
Actual HIPAA Violation Cases
2018: Anthem paid $16 million to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) in a record HIPAA settlement being the largest health data breach in history. Anthem agreed to take substantial corrective actions to settle potential violations of the HIPAA Privacy and Security Rules after a series of cyber attacks had exposed the electronically protected health information (ePHI) of almost 79 million people.
2020: Premera Blue Cross agreed to pay $6.85 million to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). This breach affected over 10.4 million people. The breach which centered on a 2014 email phishing attack on Premara’s system lasted for nine months. This represents the second-largest payment to resolve a HIPAA investigation in OCR history.
If you would like general information about HIPAA, click to view the HIPAA page. Or, if you would like information regarding Travis County’s HIPAA Policies, or to report a suspected privacy concern, contact the Travis County Compliance and Privacy Officer.
