HIPAA Compliance FAQs

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was passed to protect an employee’s health insurance coverage when they lose or change jobs. It also has provisions to ensure the privacy and confidentiality of Protected Health Information (PHI). Discover some common HIPAA violations examples and scenarios.

Covered Entities or service providers, including telemedicine providers, must comply with the risk analysis requirement mandated by the HIPAA Security Rule, MACRA, Meaningful Use and other regulations. Therefore, if you are a HIPAA Covered Entity or a Business Associate with access to Protected Health Information, you need to know what you need to do to be HIPAA compliant

• Release of the Wrong Patient’s Information.
• Release of Unauthorized Health Information.
• Missing Patient Signature on HIPAA Forms.
• Improper Disposal of Patient Records.
• Failure to Promptly Release Information to Patients.

The penalties were originally implemented in the HITECH Act 2009 and increase each year to account for inflation. The latest is provided by HHS health information privacy, here is the download referencing penalties for breaching HIPAA.

The HIPAA Breach Notification Rule requires Covered Entities and Business Associations to notify the Secretary of Health and Human Services of any impermissible use or disclosure of unsecured Protected Health Information. Different procedures apply depending on the nature of the breach and the number of records disclose without permission.

The HIPAA Privacy Rule was enacted many years before most social media platforms existed and therefore there are no specific rules for social media. Note, the disclosure of personal identifiable information without a patient´s consent is a violation of HIPAA and sharing PHI on social media would come into this category.