Originally passed in 1996, the Health Insurance Portability and Accountability Act (HIPAA) is a dual-purpose law: Title I protects health insurance coverage for employees and their families when they change or lose jobs, and Title II establishes national standards for healthcare transactions and for the privacy and security of health information.
The Largest HIPAA Breach at the Time Affected Nearly 5 Million People
Tricare Management, the health benefits program for military personnel, retirees, and their families, suffered what was then the largest recorded HIPAA breach, affecting an estimated 4.9 million patients. The breach was reported by contractor Science Applications International Corporation (SAIC) on September 14, 2011 and involved backup tapes containing patients' healthcare records that left SAIC's custody.
Knowing and Willful Violations Can Be a Federal Crime
Some people assume that HIPAA violations carry only civil penalties, but this isn't the case. Healthcare providers or their employees who knowingly and willfully obtain or disclose protected health information in violation of HIPAA may be subject to federal prosecution, with cases referred to the Department of Justice. On the civil side, a violation caused by willful neglect that is not corrected carries a minimum fine of $50,000 per violation. On the criminal side, penalties scale with intent: offenses committed with intent to sell the information, or for commercial advantage, personal gain, or malicious harm, can bring fines of up to $250,000 and up to ten years in prison.
Private Practices Account for the Highest Number of HIPAA Violations
According to data released by HHS, private healthcare practices – local doctors, physician offices, chiropractors, etc. – are the type of covered entity most often required to take corrective action after a HIPAA complaint. If your business falls under this category, take a proactive approach to ensuring your patients' data is protected. For the record, hospitals come in second, outpatient facilities third, insurance groups fourth, and pharmacies fifth.
Healthcare Providers Can Share Information With a Patient's Family
Under the Health Insurance Portability and Accountability Act, doctors and healthcare providers are allowed to share information about a patient's care or treatment with family members, friends, or other individuals involved in the patient's care or in payment for that care. That said, the provider must use reasonable judgment about who it is talking to: give the patient the opportunity to object when that is practicable, limit what is shared to what is relevant to the person's involvement, and take reasonable steps to verify the identity of anyone whose involvement is not already known. Disclosing beyond that, or to someone whose identity has not been reasonably verified, could result in a HIPAA fine or other consequences.
Impermissible Use or Disclosure of PHI Is the Most Commonly Reported HIPAA Violation
Impermissible use or disclosure of Protected Health Information (PHI) is the most common HIPAA violation, according to the HHS.gov website. This catch-all category covers theft, loss, or any other unauthorized disclosure of patients' health records. HIPAA's Security Rule requires covered entities and their business associates to put administrative, physical, and technical safeguards in place to protect electronic PHI against such disclosure.