The most frequently reported types of violations of the Health Insurance Portability and Accountability Act between 2003 and 2014 include Impermissible Uses and Disclosures, Safeguards, Access, and Minimum Necessary, according to the U.S. Department of Health & Human Services. These statistics only refer to complaints that required corrective action, and, the most common violations vary by year. Generally, the Office for Civil Rights mediates HIPAA complaints without court involvement, the Privacy Rights Clearinghouse states.Continue Reading
Multiple common violations often overlap in a single case. For example, a hospital failed to gain consent before releasing information about a patient's sport injury to the media, including a description of the condition, the details of the accident and photos of the patient's skull X-ray, HHS explains. As the hospital staff considered the sporting injury to be unusual, administrators released the information as a cautionary measure to prevent a threat to public health. Upon investigation, the Office for Civil Rights determined that the hospital's actions didn't satisfy the criteria for protecting the patient's identity, making the incident an impermissible disclosure and safeguard issue.
Upon filing of a HIPAA complaint, the Office for Civil Rights assesses the penalties based on one of four violation categories: unknowing, reasonable cause, willful neglect-corrected and willful neglect-uncorrected, the Privacy Rights Clearinghouse notes. Only the "willful neglect" categories involve an intentional violation, and penalties may be as steep as $1.5 million in a calendar year. While states may enact laws to give citizens options for legal action, federal HIPAA statutes do not grant the right to sue.Learn more about Law