Common HIPAA Violations
Failure to adhere to the authorization expiration date - Patients can set a date when their authorization expires. A violation would be releasing confidential records after that date.
Failure to promptly release information to patients - According to HIPAA, a patient has the right to receive electronic copies of medical records on demand.
Improper disposal of patient records - Shredding is necessary before disposing of a patient’s records.
Insider snooping - This refers to family members or co-workers looking into a person’s medical records without authorization. This can be avoided with password protection, tracking systems and clearance levels.
Missing patient signature - Any HIPAA form without the patient’s signature is invalid, so releasing information would be a violation.
Releasing information to an undesignated party - Only the exact person listed on the authorization form may receive patient information.
Releasing unauthorized health information - This refers to releasing the wrong document that has not been approved for release. A patient has the right to release only parts of their medical record.
Releasing the wrong patient's information - Through a careless mistake, someone releases information to the wrong patient. This sometimes happens when two patients have the same or similar name.
Right to revoke clause - Any form a patient signs needs to have a Right to Revoke clause or the form is invalid. Therefore, any information released to a third party would be in violation of HIPAA regulations.
Unprotected storage of private health information - A good example of this is a laptop that is stolen. Private information stored electronically needs to be stored on a secure device. This applies to a laptop, thumb drive, or any other mobile device.
Unencrypted email of private health information - An example is sending unencrypted email without an authorization for unencrypted email that is signed and stored in the patient's EMR chart. See HIPAA Forms.