AI Products 

Five Cautionary Tales: Proof That Hipaa Compliance Management Is Crucial

Jack Dsouja
Five Cautionary Tales: Proof That Hipaa Compliance Management Is Crucial

The Health Insurance Portability and Accounting Act (HIPAA) of 1996 was established to help protect patient privacy by requiring healthcare organizations and its trading parties to protect sensitive information- including how these data are being shared and used. Also due to the rising occurrence of cyber-attacks, HIPAA has a set of benchmarks that healthcare organizations must adhere to to assess and implement in their cyber defenses. 


Patient health data are highly sensitive and sought out by cybercriminals. Because medical records are rich in information, they can be exploited in many different ways such as identity theft, medical identity theft, and even tax frauds. Stolen medical data can sell 10 to 20 times higher than credit cards in black markets like the Darkweb. According to a report, stolen Medicare numbers are sold up to $500 each.

Five HIPAA Violation Cases And What You Can Learn From Them


HIPAA Violation on Facebook

A 24-year-old medical technician was fired for posting about a patient on Facebook. The former deceased patient died in an accident, so the employee made remarks using the words “Should have worn her seatbelt...”. While the comment itself looks public-spirited and innocent, she disclosed the PHI of the patient. Even though the hospital did not want to make any comments the employee said the hospital fired her because she violated HIPAA by posting information on social media.


WellPoint Inc. settles HIPAA violation by paying $1.7 million

After updating an internet-based database containing ePHI, the managed care company exposed more than 600,000 records over the internet. WellPoint had no idea about the breach until they received a notification from a lawsuit that their data is available through a web portal.

Incidents like this can easily be avoided if WellPoint:

  • Evaluated the technical changes resulting from software upgrades before rolling out.
  • Authenticated and limit the number of users who can access the data by implementing technology, policy, and procedures. For example, using a HIPAA Compliance Management software or application.


Termination of employees and doctors in the Britney Spears HIPAA case 

Six employees and thirteen doctors at UCLA medical center were fired because they peeked at Britney Spears’ medical records after her psychiatric hospitalization. The temptation to resist was just too great. Many of the employees who snooped into the PHI were non-therapeutic support staff without any legitimate medical rights. The comparable nature of HIPAA violation can be avoided by a key IT concept called the Principle of Least Privilege. The principle focuses on allowing data to be accessed by those employees with Live Chat Agents only who actually need it to perform their tasks.

Violation of HIPAA by submitting patient bills

The story involves a committed patient privacy advocate Dr. Barry Helfman, president-elect of the American Group Psychotherapy Association. According to the case files, Dr. Helfmann’s employees regularly passed patients due to bills to a collections firm. Protected information like CPT codes is included in the bills which in turn can give out the patients’ diagnoses. As a result, Helfmann’s license was in danger of revocation by the State of New Jersey. When firms pass patient bills to collection firms, it is crucial to exclude all patients' medical information.


St. Elizabeth’s Medical Center HIPAA security case

The medical center exposed and compromised the ePHI of nearly 500 people. The settlement developed from two events, one where an employee used a cloud-based file-sharing application. The medical center did not evaluate the risks of this application before using it. For example, If they had a HIPAA Compliance Management software equipped, which can evaluate the potential risks of action then the problem could have been averted. Nevertheless, St. Elizabeth’s Medical Center had to pay $218,400 in settlement.



Want to make sure you stay HIPAA Compliant?

More often, HIPAA violations originate from a poor understanding of HIPAA’s laws but not from malevolent intent. Several hospitals have taken adequate measures to prevent medical identity thefts, however involuntarily sometimes fail to comply with HIPAA’s rules and regulations.

That is why this robust application called HIPAA Ready has been designed to streamline the HIPAA compliance management process by managing a digital checklist of tasks, meetings, and training information. This application is designed to make healthcare providers' lives easier by keeping all the HIPAA-related documents and information in one place.

Jack Dsouja
Zupyak is the world’s largest content marketing community, with over 400 000 members and 3 million articles. Explore and get your content discovered.
Read more