{"id":195183,"date":"2021-07-30T12:27:01","date_gmt":"2021-07-30T16:27:01","guid":{"rendered":"https:\/\/www.attendancebot.com\/blog\/?p=195183"},"modified":"2021-08-31T06:25:35","modified_gmt":"2021-08-31T10:25:35","slug":"hipaa-violation","status":"publish","type":"post","link":"https:\/\/www.attendancebot.com\/blog\/hipaa-violation\/","title":{"rendered":"Important Questions Answered about HIPAA Violations"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">To begin with, what does HIPAA stand for? It stands for the Health Insurance Portability and Accountability Act of 1996. This article is a comprehensive explanation of HIPAA law, who it applies to, and its violations.\u00a0<\/span><\/p>\n<div class=\"lyte-wrapper fourthree\" style=\"width:960px;max-width:100%;margin:5px auto;\"><div class=\"lyMe qsa_\\&amp;start\\=1\" id=\"WYL_UdbF182f6GQ\"><div id=\"lyte_UdbF182f6GQ\" data-src=\"https:\/\/blog.attendancebot.com\/wp-content\/plugins\/wp-youtube-lyte\/lyteCache.php?origThumbUrl=%2F%2Fi.ytimg.com%2Fvi%2FUdbF182f6GQ%2Fhqdefault.jpg\" class=\"pL\"><div class=\"tC\"><div class=\"tT\"><\/div><\/div><div class=\"play\"><\/div><div class=\"ctrl\"><div class=\"Lctrl\"><\/div><div class=\"Rctrl\"><\/div><\/div><\/div><noscript><a href=\"https:\/\/youtu.be\/UdbF182f6GQ\" rel=\"nofollow\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blog.attendancebot.com\/wp-content\/plugins\/wp-youtube-lyte\/lyteCache.php?origThumbUrl=https%3A%2F%2Fi.ytimg.com%2Fvi%2FUdbF182f6GQ%2F0.jpg\" alt=\"YouTube video thumbnail\" width=\"960\" height=\"700\" \/><br \/>Watch this video on YouTube<\/a><\/noscript><\/div><\/div><div class=\"lL\" style=\"max-width:100%;width:960px;margin:5px auto;\"><\/div><\/p>\n\n<h2><span style=\"font-weight: 400;\">What Is HIPAA Law?<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">HIPAA law was passed by Congress in 1996. 
The law was put in place to prevent the unauthorized disclosure of an individual&#8217;s Protected Health Information (PHI). The law also protects the privacy rights of people and minimizes national healthcare fraud and abuse.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Individuals and companies with access to PHI should implement the right policies and procedures for data security. All personal data pertaining to individuals should be protected in compliance with HIPAA.\u00a0<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">What Information Does HIPAA Protect?<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">HIPAA as per federal law protects the following information:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Medical test results and other information of the patient\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Records that are with the insurance providers\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Information on prescriptions\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Any information pertaining to bills for medical treatments\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Diagnosis and any other treatment information given in the medical records<\/span><\/li>\n<\/ul>\n<h2><span style=\"font-weight: 400;\">Who Does HIPAA Apply To?\u00a0<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Companies defined as covered entities have to comply with HIPAA law. 
But first, what exactly are covered entities?<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Covered entities include the following:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Health care providers that hold medical records of people such as doctors, nurses, nursing homes, hospitals, psychologists, and dentists<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Insurance companies\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Government health care programs\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Business associates such as lawyers, contractors, IT professionals, and billing companies that need access to health insurance data\u00a0<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Apart from the HIPAA law, covered entities also have to follow <\/span><a href=\"https:\/\/www.hhs.gov\/hipaa\/for-professionals\/privacy\/index.html\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\"><strong>The Privacy Rule<\/strong><\/span><\/a><span style=\"font-weight: 400;\"> which protects PHI, and <\/span><a href=\"https:\/\/www.hhs.gov\/hipaa\/for-professionals\/faq\/2000\/why-is-hipaa-needed-and-what-is-the-purpose-of-security-standards\/index.html\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\"><strong>The Security Rule<\/strong><\/span><\/a><span style=\"font-weight: 400;\"> which safeguards the confidentiality of the electronic Protected Health Information.\u00a0<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Who Is Exempt From HIPAA?<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Most businesses are non-covered entities and do not have any obligation to follow HIPAA regulations. 
Even if such employers provide <\/span><strong><a href=\"https:\/\/www.attendancebot.com\/blog\/types-of-employee-benefits-that-your-team-will-love\/?utm_source=blog+&amp;utm_medium=in-line&amp;utm_campaign=hipaa-violation\" target=\"_blank\" rel=\"noopener\">health insurance to their employees<\/a><\/strong><span style=\"font-weight: 400;\">, they by no means have the obligation to protect the data of their employees. Instead, the responsibility of protecting employees\u2019 data falls on the shoulders of health insurance companies.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Examples of non-covered entities are:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Most schools\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Municipal offices\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Law enforcement agencies<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Many state agencies\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Life insurers\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Employers who require access to employees\u2019 medical records for the purpose of worker compensation claims\u00a0<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Although non-covered entities do not follow HIPAA law, they have to protect the confidentiality of employee health information under the US Privacy Act of 1974, the <\/span><a href=\"https:\/\/www.attendancebot.com\/blog\/hr-compliance\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\"><strong>ADA<\/strong><\/span><\/a><span style=\"font-weight: 400;\">, and state regulations.\u00a0<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" 
class=\"alignnone size-full wp-image-195187\" src=\"https:\/\/blog.attendancebot.com\/wp-content\/uploads\/2021\/07\/HIPAA-VIOLATION-IMAGE.jpg\" alt=\"HIPAA law protects health records of people\" width=\"950\" height=\"500\" srcset=\"https:\/\/blog.attendancebot.com\/wp-content\/uploads\/2021\/07\/HIPAA-VIOLATION-IMAGE.jpg 950w, https:\/\/blog.attendancebot.com\/wp-content\/uploads\/2021\/07\/HIPAA-VIOLATION-IMAGE-300x158.jpg 300w, https:\/\/blog.attendancebot.com\/wp-content\/uploads\/2021\/07\/HIPAA-VIOLATION-IMAGE-768x404.jpg 768w, https:\/\/blog.attendancebot.com\/wp-content\/uploads\/2021\/07\/HIPAA-VIOLATION-IMAGE-100x53.jpg 100w, https:\/\/blog.attendancebot.com\/wp-content\/uploads\/2021\/07\/HIPAA-VIOLATION-IMAGE-700x368.jpg 700w\" sizes=\"auto, (max-width: 950px) 100vw, 950px\" \/><\/p>\n<h2><span style=\"font-weight: 400;\">What Is a HIPAA Violation?<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">A HIPAA violation is the failure to abide by the rules and standards of the HIPAA law. 
The infringement includes the following:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Disclosure and unauthorized use of an individual\u2019s Protected Health Information (PHI)<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Failure to provide administrative, physical, and technical protection to the PHI<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Inability to carry out a company-wide risk analysis to identify possible risks to the confidentiality, and integrity of PHI<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Delay in breach notifications\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Failure to make HIPAA compliant agreement with business associates\u00a0<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">There are three ways to discover HIPAA infringements:<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Office for Civil Rights or state attorney general conducts an investigation into a data breach\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">External parties conduct HIPAA compliance audit\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Investigation made into complaints of covered entities and business associates\u00a0<\/span><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\">Pro Tip: It is advisable that covered entities conduct a regular internal HIPAA audit. This is because it will help businesses identify potential breaches and violations and prevent hefty penalties. 
It is better to start off early as the longer the delay, the higher the penalty.\u00a0<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">How to Report a HIPAA Violation?<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">If you personally witness a HIPAA violation, you must report it to the OCR. Anybody who witnesses a breach has the right to report it.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">One can file a complaint via email, fax, or mail. You can also file a complaint directly to the <\/span><strong><a href=\"https:\/\/ocrportal.hhs.gov\/ocr\/smartscreen\/main.jsf\" target=\"_blank\" rel=\"noopener\">OCR Complaint Portal<\/a><\/strong><span style=\"font-weight: 400;\"> within 180 days of the breach being observed.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">A covered entity must comply with HIPAA rules if a breach happens during the investigation. They should take corrective action or must pay the settlement amount.\u00a0<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">HIPAA Violation Consequences<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Once the HIPAA violation complaint has been filed, the <\/span><span style=\"font-weight: 400;\">U.S. 
Department of Health and Human Services (HHS) Office for Civil Rights (OCR) carries out an investigation which includes performing compliance review, education, and outreach programs.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In the case of a non-compliance complaint, the OCR will demand corrective actions or voluntary compliance.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">It is important to keep in mind that violations can also lead to criminal and civil charges if the complaint goes to the Department of Justice.\u00a0<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Breach Fines for Violating HIPAA Regulations\u00a0<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">The Department of Justice is responsible for handling breach fines related to HIPAA violations. They divide the fine into two categories: reasonable cause and willful neglect.\u00a0<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">For reasonable cause, fines range from $100 to $500,000<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">In case of willful neglect violations, penalties range from $10,000 to $50,000 and can also result in criminal charges\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Violations including fraud can result in a fine of $100,000 with up to 5 years of imprisonment\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Violations that include selling or transferring private health information for purposes of causing harm, commercial advantage or personal gain result in a fine of $250,000 with up to 10 years of imprisonment<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">If a willful neglect violation is not corrected in due time, the penalties can go up to $1.5 million per 
year.\u00a0<\/span><\/li>\n<\/ul>\n<h2><span style=\"font-weight: 400;\">Most Common HIPAA Violations<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">There are <\/span><span style=\"font-weight: 400;\">some <\/span><span style=\"font-weight: 400;\">common HIPAA violations that have been carried out by covered entities. In such cases, the violations have to be settled with the state attorneys general and Office for Civil Rights (OCR). The size of the settlement amount depends on the following factors:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The seriousness of the violation\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Duration of time for which the violation prevails\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Number of violations caught\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The financial position of the business associates and covered entities\u00a0<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Let\u2019s have a look at the list of common HIPAA violations below:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Accessing healthcare records of patients for reasons other than those specified by the Privacy Rule, such as treatment, healthcare operations, or payment, is an infringement of a patient\u2019s private information.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Employees snooping on health care information of friends, family, and co-workers when working in the same organization. 
As a consequence, they are either fired or have to face criminal charges.\u00a0<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Although it is uncommon to have health care providers failing to prevent snooping on patients\u2019 healthcare information, it is still possible. Here is an example involving the <\/span><span style=\"font-weight: 400;\">University of California Los Angeles Health System.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">University of California Los Angeles Health System paid a fine of $865,000 for failing to prevent access to medical records. A doctor was investigated for exposing the health records of some celebrities and patients without authorization.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Failure to Carry Out Company-Wide Risk Analysis\u00a0<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">The failure to conduct a risk analysis in an organization leaves employers uninformed about the risks to employees\u2019 health records. Employers remain unaware of how vulnerable the confidentiality and integrity of Protected Health Information are.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Covered entities that fail to perform a risk analysis have to pay HIPAA settlement charges. For instance, in 2013 Oregon Health &amp; Science University paid <\/span><strong><a href=\"https:\/\/www.hipaajournal.com\/oregon-health-science-university-ocr-2-7-million-for-2013-data-breaches-3504\/\" target=\"_blank\" rel=\"noopener\">$2.7 million<\/a><\/strong><span style=\"font-weight: 400;\"> to OCR for failing to carry out an organization-wide risk analysis. 
Similarly, Lahey Hospital and Medical Center paid <\/span><a href=\"https:\/\/www.hipaajournal.com\/ocr-settlement-reached-lahey-hospital-and-medical-center-8191\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\"><strong>$850,000<\/strong><\/span><\/a><span style=\"font-weight: 400;\"> for not being able to carry out a risk assessment and other HIPAA violations.\u00a0<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Inability to Manage Risk Management Process\u00a0<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Carrying out an organization-wide risk assessment is essential but not sufficient. Apart from identifying risks, there should also be mechanisms to manage them. Once identified, risks should be addressed as quickly as possible. However, many covered entities fail to do so, making it one of the most common HIPAA violations.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Just as there is a settlement amount for not carrying out a risk assessment, there is one for this also. Covered entities that don\u2019t address risks have to pay a settlement amount to OCR. For instance, the University of Massachusetts Amherst paid a penalty of $650,000 for risk management failure.\u00a0<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Denying Patients Access to Their Health Records\u00a0<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Another very common HIPAA violation is to deny patients access to their own medical records. According to the HIPAA Privacy Rule, patients have the right to their own medical records and copies of them. 
They may want access for multiple reasons such as checking for errors or sharing them with others such as doctors or family.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If an entity fails to provide access to medical records within 30 days of the request, or overcharges for copies of health records, it will have to pay a penalty.\u00a0<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Disclosing Patient Information to Unauthorized Individuals\u00a0<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">If a patient\u2019s healthcare information is given<\/span> to unauthorized individuals without the patient\u2019s consent, it will be a HIPAA violation. Therefore, it is better to obtain authorization from the patient. It is important that the patient or their representative sign the authorization form.<\/p>\n<h3><span style=\"font-weight: 400;\">Releasing Unauthorized Information\u00a0\u00a0<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">This point is similar to the last one but with a little twist. Even if the patient has provided authorization to disclose information to a third party, it is important to note what information the patient has given consent for. It is important to ensure that only the information on the authorization form is shared with the third party. Any other information not on the form should remain confidential.\u00a0<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Using Unauthorized Devices to Download PHI\u00a0<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">It is a HIPAA requirement to ensure that all devices having access to personal information are secure. 
This is a common HIPAA violation by healthcare workers who download ePHI on insecure portable devices and suffer the consequences later.\u00a0<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">HIPAA Violation and COVID Vaccination\u00a0<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Given the pandemic, it is natural to wonder if asking about someone\u2019s vaccination status is a HIPAA violation.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Well, asking for a vaccination status is not a HIPAA violation as no personal health information is out in the open.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">When non-covered entities such as friends and family ask you about your vaccination status, it is not a HIPAA violation as you can disclose this information yourself.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Another important point is that certain businesses such as airlines, schools, and some companies may ask you for your vaccination status. It is important for them to know before they let you inside their facility and will not come under a HIPAA violation. However, it is up to you to disclose that piece of information or not.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Similarly, employers may ask their employees about their vaccination status or its proof for security purposes. Schools, colleges, and universities may also ask for vaccination proof before admitting students. This again cannot be termed a HIPAA violation.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Now, the question is what really is a HIPAA violation when considering COVID vaccination status.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If a covered entity discloses your vaccination status to anyone without your consent, it would be a HIPAA violation. 
For example, a doctor should not disclose their patient\u2019s vaccination status to their employer without consent.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If a doctor discloses the vaccination status of their celebrity patient to the media without written authorization, it will be a HIPAA violation.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If a media website publishes the same information, it will not be a HIPAA violation because the website is not a covered entity.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The key takeaway is that HIPAA laws do not prevent anyone from asking about your vaccination status. People can and will ask given the risky and uncertain times we are living in. It is however at your discretion to disclose that information or not.\u00a0<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">HIPAA: Best Practices\u00a0<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">As a covered entity or a business associate of a covered entity, you should be aware of HIPAA standards. 
Besides, you should introduce guidelines for best practices to ensure the privacy and protection of healthcare data in your organization.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Below is a checklist of dos and don&#8217;ts that will help you comply with HIPAA regulations.\u00a0<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Do\u2019s<\/span><\/h3>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Make employees aware of the HIPAA regulations on PHI usage and disclosure<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Develop a set of HIPAA policies and procedures and make it accessible for all employees\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Create a new role of Privacy officer in HR and make them responsible for processing complaints and providing information on data security procedures<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Carry out a company-wide risk assessment to discover any potential violations<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Train employees on a regular basis and ensure they stay updated on current HIPAA policies and procedures<\/span><\/li>\n<\/ul>\n<h3><span style=\"font-weight: 400;\">Don&#8217;ts<\/span><\/h3>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Sharing login credentials<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Leaving important documents unattended\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Accessing records of patients without an important reason<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Disposing of PHI documents in general 
waste\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Sharing PHI on social media\u00a0<\/span><\/li>\n<\/ul>\n<h2><span style=\"font-weight: 400;\">The Final Word\u00a0<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Whether you are a hospital or a business, as long as you are a covered entity you have to abide by all the laws and regulations imposed by HIPAA. Make it a practice to perform regular checks on data protection policies so you don\u2019t have to pay hefty penalties and fines.\u00a0<\/span><\/p>\n<p><a href=\"https:\/\/www.attendancebot.com\/time-tracking\/?utm_source=blog+&amp;utm_medium=banner+&amp;utm_campaign=hipaa-violation&amp;utm_content=final\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-195202 size-full\" src=\"https:\/\/blog.attendancebot.com\/wp-content\/uploads\/2021\/07\/Unique-Hook-for-Final-CTA.png\" alt=\"Time and Attendance Tracking with AttendanceBot\" width=\"785\" height=\"128\" srcset=\"https:\/\/blog.attendancebot.com\/wp-content\/uploads\/2021\/07\/Unique-Hook-for-Final-CTA.png 785w, https:\/\/blog.attendancebot.com\/wp-content\/uploads\/2021\/07\/Unique-Hook-for-Final-CTA-300x49.png 300w, https:\/\/blog.attendancebot.com\/wp-content\/uploads\/2021\/07\/Unique-Hook-for-Final-CTA-768x125.png 768w, https:\/\/blog.attendancebot.com\/wp-content\/uploads\/2021\/07\/Unique-Hook-for-Final-CTA-100x16.png 100w, https:\/\/blog.attendancebot.com\/wp-content\/uploads\/2021\/07\/Unique-Hook-for-Final-CTA-700x114.png 700w\" sizes=\"auto, (max-width: 785px) 100vw, 785px\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Did you know that your health care records could be at risk if not protected? Learn about common HIPAA violations and their best practices.  
<\/p>\n","protected":false},"author":1,"featured_media":195186,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,1,38],"tags":[],"class_list":["post-195183","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hr-best-practices","category-uncategorised","category-us-law"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v24.8 (Yoast SEO v26.8) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Important Questions Answered about HIPAA Violation | AttendanceBot<\/title>\n<meta name=\"description\" content=\"Did you know that your health care records could be at risk if not protected? Learn about HIPAA violation and their best practices.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.attendancebot.com\/blog\/hipaa-violation\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Important Questions Answered about HIPAA Violations\" \/>\n<meta property=\"og:description\" content=\"Did you know that your health care records could be at risk if not protected? 
Learn about HIPAA violation and their best practices.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.attendancebot.com\/blog\/hipaa-violation\/\" \/>\n<meta property=\"og:site_name\" content=\"AttendanceBot Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Anaekhq\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-07-30T16:27:01+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-08-31T10:25:35+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blog.attendancebot.com\/wp-content\/uploads\/2021\/07\/HIPAA-violation-featured-Image-.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"950\" \/>\n\t<meta property=\"og:image:height\" content=\"500\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@anaekhq\" \/>\n<meta name=\"twitter:site\" content=\"@anaekhq\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.attendancebot.com\/blog\/hipaa-violation\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.attendancebot.com\/blog\/hipaa-violation\/\"},\"author\":{\"name\":\"Author\",\"@id\":\"https:\/\/www.attendancebot.com\/blog\/#\/schema\/person\/83a15ab898fb046f43fe8fc0909d700e\"},\"headline\":\"Important Questions Answered about HIPAA Violations\",\"datePublished\":\"2021-07-30T16:27:01+00:00\",\"dateModified\":\"2021-08-31T10:25:35+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.attendancebot.com\/blog\/hipaa-violation\/\"},\"wordCount\":2087,\"image\":{\"@id\":\"https:\/\/www.attendancebot.com\/blog\/hipaa-violation\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blog.attendancebot.com\/wp-content\/uploads\/2021\/07\/HIPAA-violation-featured-Image-.jpg\",\"articleSection\":[\"HR Best Practices\",\"Uncategorised\",\"US Law\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.attendancebot.com\/blog\/hipaa-violation\/\",\"url\":\"https:\/\/www.attendancebot.com\/blog\/hipaa-violation\/\",\"name\":\"Important Questions Answered about HIPAA Violation | AttendanceBot\",\"isPartOf\":{\"@id\":\"https:\/\/www.attendancebot.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.attendancebot.com\/blog\/hipaa-violation\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.attendancebot.com\/blog\/hipaa-violation\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blog.attendancebot.com\/wp-content\/uploads\/2021\/07\/HIPAA-violation-featured-Image-.jpg\",\"datePublished\":\"2021-07-30T16:27:01+00:00\",\"dateModified\":\"2021-08-31T10:25:35+00:00\",\"author\":{\"@id\":\"https:\/\/www.attendancebot.com\/blog\/#\/schema\/person\/83a15ab898fb046f43fe8fc0909d700e\"},\"description\":\"Did you know that your 
health care records could be at risk if not protected? Learn about HIPAA violation and their best practices.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.attendancebot.com\/blog\/hipaa-violation\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.attendancebot.com\/blog\/hipaa-violation\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.attendancebot.com\/blog\/hipaa-violation\/#primaryimage\",\"url\":\"https:\/\/blog.attendancebot.com\/wp-content\/uploads\/2021\/07\/HIPAA-violation-featured-Image-.jpg\",\"contentUrl\":\"https:\/\/blog.attendancebot.com\/wp-content\/uploads\/2021\/07\/HIPAA-violation-featured-Image-.jpg\",\"width\":950,\"height\":500,\"caption\":\"HIPAA violation featured Image\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.attendancebot.com\/blog\/hipaa-violation\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.attendancebot.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Important Questions Answered about HIPAA Violations\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.attendancebot.com\/blog\/#website\",\"url\":\"https:\/\/www.attendancebot.com\/blog\/\",\"name\":\"AttendanceBot Blog\",\"description\":\"Musings on 
Work\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.attendancebot.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.attendancebot.com\/blog\/#\/schema\/person\/83a15ab898fb046f43fe8fc0909d700e\",\"name\":\"Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.attendancebot.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/46465fa83979ffe666955581c08d101e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/46465fa83979ffe666955581c08d101e?s=96&d=mm&r=g\",\"caption\":\"Author\"},\"sameAs\":[\"https:\/\/www.anaek.com\/\"],\"url\":\"https:\/\/www.attendancebot.com\/blog\/author\/admin\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Important Questions Answered about HIPAA Violation | AttendanceBot","description":"Did you know that your health care records could be at risk if not protected? Learn about HIPAA violation and their best practices.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.attendancebot.com\/blog\/hipaa-violation\/","og_locale":"en_US","og_type":"article","og_title":"Important Questions Answered about HIPAA Violations","og_description":"Did you know that your health care records could be at risk if not protected? 
Learn about HIPAA violation and their best practices.","og_url":"https:\/\/www.attendancebot.com\/blog\/hipaa-violation\/","og_site_name":"AttendanceBot Blog","article_publisher":"https:\/\/www.facebook.com\/Anaekhq\/","article_published_time":"2021-07-30T16:27:01+00:00","article_modified_time":"2021-08-31T10:25:35+00:00","og_image":[{"width":950,"height":500,"url":"https:\/\/blog.attendancebot.com\/wp-content\/uploads\/2021\/07\/HIPAA-violation-featured-Image-.jpg","type":"image\/jpeg"}],"author":"Author","twitter_card":"summary_large_image","twitter_creator":"@anaekhq","twitter_site":"@anaekhq","twitter_misc":{"Written by":"Author","Est. reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.attendancebot.com\/blog\/hipaa-violation\/#article","isPartOf":{"@id":"https:\/\/www.attendancebot.com\/blog\/hipaa-violation\/"},"author":{"name":"Author","@id":"https:\/\/www.attendancebot.com\/blog\/#\/schema\/person\/83a15ab898fb046f43fe8fc0909d700e"},"headline":"Important Questions Answered about HIPAA Violations","datePublished":"2021-07-30T16:27:01+00:00","dateModified":"2021-08-31T10:25:35+00:00","mainEntityOfPage":{"@id":"https:\/\/www.attendancebot.com\/blog\/hipaa-violation\/"},"wordCount":2087,"image":{"@id":"https:\/\/www.attendancebot.com\/blog\/hipaa-violation\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.attendancebot.com\/wp-content\/uploads\/2021\/07\/HIPAA-violation-featured-Image-.jpg","articleSection":["HR Best Practices","Uncategorised","US Law"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.attendancebot.com\/blog\/hipaa-violation\/","url":"https:\/\/www.attendancebot.com\/blog\/hipaa-violation\/","name":"Important Questions Answered about HIPAA Violation | 
AttendanceBot","isPartOf":{"@id":"https:\/\/www.attendancebot.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.attendancebot.com\/blog\/hipaa-violation\/#primaryimage"},"image":{"@id":"https:\/\/www.attendancebot.com\/blog\/hipaa-violation\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.attendancebot.com\/wp-content\/uploads\/2021\/07\/HIPAA-violation-featured-Image-.jpg","datePublished":"2021-07-30T16:27:01+00:00","dateModified":"2021-08-31T10:25:35+00:00","author":{"@id":"https:\/\/www.attendancebot.com\/blog\/#\/schema\/person\/83a15ab898fb046f43fe8fc0909d700e"},"description":"Did you know that your health care records could be at risk if not protected? Learn about HIPAA violation and their best practices.","breadcrumb":{"@id":"https:\/\/www.attendancebot.com\/blog\/hipaa-violation\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.attendancebot.com\/blog\/hipaa-violation\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.attendancebot.com\/blog\/hipaa-violation\/#primaryimage","url":"https:\/\/blog.attendancebot.com\/wp-content\/uploads\/2021\/07\/HIPAA-violation-featured-Image-.jpg","contentUrl":"https:\/\/blog.attendancebot.com\/wp-content\/uploads\/2021\/07\/HIPAA-violation-featured-Image-.jpg","width":950,"height":500,"caption":"HIPAA violation featured Image"},{"@type":"BreadcrumbList","@id":"https:\/\/www.attendancebot.com\/blog\/hipaa-violation\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.attendancebot.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Important Questions Answered about HIPAA Violations"}]},{"@type":"WebSite","@id":"https:\/\/www.attendancebot.com\/blog\/#website","url":"https:\/\/www.attendancebot.com\/blog\/","name":"AttendanceBot Blog","description":"Musings on 
Work","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.attendancebot.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.attendancebot.com\/blog\/#\/schema\/person\/83a15ab898fb046f43fe8fc0909d700e","name":"Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.attendancebot.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/46465fa83979ffe666955581c08d101e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/46465fa83979ffe666955581c08d101e?s=96&d=mm&r=g","caption":"Author"},"sameAs":["https:\/\/www.anaek.com\/"],"url":"https:\/\/www.attendancebot.com\/blog\/author\/admin\/"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.attendancebot.com\/blog\/wp-json\/wp\/v2\/posts\/195183","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.attendancebot.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.attendancebot.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.attendancebot.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.attendancebot.com\/blog\/wp-json\/wp\/v2\/comments?post=195183"}],"version-history":[{"count":5,"href":"https:\/\/www.attendancebot.com\/blog\/wp-json\/wp\/v2\/posts\/195183\/revisions"}],"predecessor-version":[{"id":195203,"href":"https:\/\/www.attendancebot.com\/blog\/wp-json\/wp\/v2\/posts\/195183\/revisions\/195203"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.attendancebot.com\/blog\/wp-json\/wp\/v2\/media\/195186"}],"wp:attachment":[{"href":"https:\/\/www.attendancebot.com\/blog\/wp-json\/wp\/v2\/media?parent=195183"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.attendancebot.com\/bl
og\/wp-json\/wp\/v2\/categories?post=195183"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.attendancebot.com\/blog\/wp-json\/wp\/v2\/tags?post=195183"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}