11 Ways HIPAA Could Be Violated in Your Office

Snooping through the medical records of family, friends, neighbors, co-workers, and celebrities is one of the most common HIPAA violations committed by employees.

Snooping on the medical and healthcare records of others is one of the most common ways HIPAA is violated, but it's far from the only way. The following HIPAA violations could also lead to disciplinary action against an employee:

  1. Accessing information not pertinent to their job 
  2. Sharing computer usernames, passwords and logins
  3. Allowing someone to access or view sensitive information by leaving a computer unattended 
  4. Sharing sensitive information with unauthorized people
  5. Copying sensitive information without permission to do so
  6. Discussing sensitive information where other, unauthorized people could overhear
  7. Discussing sensitive information with people who are unauthorized
  8. Improper disposal of records
  9. Unauthorized release of information to others, including close family members
  10. Falling to encrypt portable devices, allowing inappropriate access to HIPAA-protected information
  11. Failure to issue notifications of security breaches in a timely manner (no later than 60 days) and without unnecessary delay

What to Do if HIPAA Violations Occur

  • First violation: Verbal/written reprimand, retrain on your privacy/security policies
  • Second violation: Written reprimand, possible suspension, retrain on privacy/security policies
  • Third Violation: Termination, civil or criminal penalties as provided under HIPAA or other applicable Federal/State Law

Depending on the severity of the violation any single act may result in disciplinary action up to and including termination.

For more information on this or other risk management related topics visit our Risk Management section.

This website uses first party and third party cookies to improve your experience and anonymously track site visits. By visiting this website, you opt-in to the use of cookies. OK