Rivas Goldstein, LLP Call : 646-859-3790

What does my medical practice need to know about HIPAA violations?

The Health Insurance Portability and Accountability Act (HIPAA) applies to sensitive patient health information. Medical practitioners are wise to understand how this federal law impacts their practice. Three important facts about this law include:

#1: Not everyone is aware of HIPAA's rules.

The rules apply to hospitals and private practices as well as chiropractors, dentists and schools. It is important to note that not everyone is aware of the intricacies of this law. Office personnel, nursing assistants and even some physicians may be unclear on the rules.

There are limits to what those who have sensitive healthcare information can disclose without the patient's consent. It is important to make sure everyone within the group is familiar with, and abides by, these rules. One common violation involves inappropriate discussions within the office. HIPAA generally allows medical providers to discuss the care of a patient they are both treating. An investigation could result in allegations of a violation if the discussion is not focused on patient care.

#2: HIPAA has requirements about the methods of communication.

HIPAA allows the use of some platforms for communication and forbids others because certain platforms are not secure. Sending patient information to another treating physician over a text message, for example, could be a violation, since a hacker or other outside party could get this information. Instead, it is important to use approved, encrypted programs to share this information.

#3: Violations are expensive.

2020 has already seen multiple million-dollar HIPAA settlements. In a recent example, an email phishing attack in 2014 resulted in the installation of malware that left the group's data open to attack from the hackers. The group failed to detect the breach for nine months. It resulted in the exposure of over 10 million files containing protected health information.

After an investigation, the Department of Health and Human Services (HHS) Office for Civil Rights fined the group, Premera Blue Cross, $6.85 million for the violation. The agency stated the penalty was appropriate, pointing to repeated noncompliance with HIPAA rules and a failure to implement audit controls as support for the hefty fine. As such, it is likely groups can reduce the risk of a penalty by having regular internal audits and a compliance program.
