What is Considered a Breach of HIPAA?

The Health Insurance Portability and Accountability Act of 1996 was a piece of legislation that influenced the whole healthcare sector. It was introduced to make the management of healthcare more straightforward, reduce waste, prevent healthcare fraud, and ensure that workers could keep their healthcare coverage when moving between jobs at different companies.

Since its introduction, HIPAA has been amended a significant number of times to add privacy protections for patients and health plan members. Over the years, these amendments have helped to ensure that healthcare data is safeguarded and that patient privacy is protected.

Among those updates are:

  • HIPAA Privacy Rule
  • HIPAA Security Rule
  • HIPAA Omnibus Rule
  • HIPAA Breach Notification Rule

A HIPAA violation is any failure to comply with the HIPAA standards and provisions detailed in 45 CFR Parts 160, 162, and 164.

The combined text of all HIPAA regulations released by the Department of Health and Human Services' Office for Civil Rights (OCR) runs to 115 pages and includes a great many provisions. There are a great number of ways that the HIPAA Rules can be breached, although the most commonly seen HIPAA violations are those listed here:

There is a range of different consequences to deal with should any of the above occur.

What are the Possible Fines for not Adhering to HIPAA Rules?

The penalties for violations of HIPAA Rules can be very serious. State attorneys general are given the power to issue fines up to a maximum of $25,000 per violation category, per calendar year. OCR is given the authority to sanction fines of up to $1.5 million per breach category, per year. Multi-million-dollar fines can be – and are – issued.

As well as financial penalties for organizations, there are also potential fines for individuals who violate HIPAA Rules, and criminal penalties may be deemed appropriate. A jail term for breaching HIPAA is possible, with some violations carrying a penalty of up to 10 years in prison.

How are HIPAA Violations Discovered?

Many HIPAA violations are uncovered by HIPAA-covered entities during internal audits. Supervisors may discover employees who have violated HIPAA Rules, and staff members often self-report HIPAA violations or report potential HIPAA breaches by co-workers.

The HHS' Office for Civil Rights is the main body that enforces the HIPAA Rules and investigates complaints of HIPAA violations reported by healthcare workers, patients, and health plan subscribers. OCR also investigates all covered entities that notify it of breaches of more than 500 records, and conducts investigations into certain smaller breaches. OCR also carries out periodic audits of HIPAA-covered entities and business associates.

State attorneys general also have the power to investigate breaches. Their investigations are usually prompted by complaints about potential HIPAA violations or by reports of breaches of patient records.


About Thomas Brown
Thomas Brown worked as a reporter for several years at ComplianceHome. Thomas is a seasoned journalist with several years of experience in the healthcare sector and has contributed to healthcare and information technology news publishers. Thomas has a particular interest in the application of healthcare information technology to better serve the interests of patients, including areas such as data protection and innovations such as telehealth.