Often when hospitals or health systems violate HIPAA rules, they are required to pay hefty fines.
Recently, Medical Informatics Engineering, a medical records service provider, paid $100,000 to settle a HIPAA violation that exposed the protected health information of nearly 3.5 million patients.
Below are the 10 most common HIPAA violations, according to the HIPAA Journal.
- Snooping on healthcare records.
- Failure to perform an organization-wide risk analysis.
- Failure to manage security risks/Lack of a risk management process.
- Failure to enter into a HIPAA-compliant business associate agreement.
- Insufficient ePHI access controls.
- Failure to use encryption or an equivalent measure to safeguard ePHI on portable devices.
- Exceeding the 60-day deadline for issuing breach notifications.
- Impermissible disclosure of protected health information.
- Improper disposal of PHI.
- Denying patient access to health records/exceeding timescale for providing access.