HIPAA Violation Horror Story Hour

HIPAA compliance is hardly a breeze. It requires storing your physical and digital files securely, having a designated person responsible for HIPAA compliance in your office, and doing your due diligence to make sure that personal files are not easily accessible by anyone in your office. If you’re not compliant, however, the cost isn’t just monetary—it could be your company’s reputation, too.

Here are the most common HIPAA violation consequences your business could face with improper document management.

Stolen Identities

The culprits: We’ve written about ways that you can reduce your risk of identity theft before. Something as simple as the improper disposal of paper documents, such as leaving them in the recycling bin or trash, puts your company at risk of identity theft and committing a HIPAA violation. A Dumpster diver cost an Illinois firm a $100,000 fine, for example.

The consequence: Every two seconds, an identity is stolen in America. Medical identity theft is on the rise: In 2014, there were 2.3 million identified cases of medical identity theft, a 22 percent increase from the previous year. Subsequent years have all seen an increase in medical identity theft. Each HIPAA violation has a minimum penalty of $100 and can cost your business up to $50,000 per type of violation.

Data Breach that Costs You

The culprits: Protecting your business from data leaks is important. More than 4.4 million health records were exposed in the third quarter of 2018, and though hacking is increasingly responsible, theft and unauthorized disclosures are still the biggest culprits for this kind of exposure.

The consequence: Fines for data leaks are typically $50,000 per HIPAA violation, with an annual maximum of $1.5 million. Data breaches compromise the security of your patients, damage your reputation, and can cost your business hundreds of thousands of dollars, if not more. In June of 2018, The University of Texas MD Anderson Cancer Center was ordered to pay civil money penalties of $4.3 million for various breaches.

Leaking Group Health Plan Information, Unknowingly

The culprits: In 2014, HIPAA also imposed the same privacy obligations on any employer who provides group health insurance. Though this was a number of years ago, companies may still be unaware of how this law affects their business. Oftentimes, it’s insiders who are snooping, and it can happen when a co-worker looks at medical records without authorization or authorized personnel share private information with unauthorized co-workers.

The consequence: If employers violate employee privacy, the same fines that are applicable to having a data leak of your client information are applicable to leaking information about your employees. Additionally, fines can be imposed against individuals and the company that discloses confidential information.

How to Avoid HIPAA Violations

Off-site records storage is the easiest way to ensure that you’re HIPAA compliant. With active records storage, your files are kept securely off-site, and your records management company delivers them to your site as you need them. Start with 3 months of free records storage (new customers only).

Damaging Your Good Reputation

The culprits: If your company is found guilty of a HIPAA violation, it is required by law that you disclose this information to all of your clients. When these stories are picked up by the news, they could go viral, and the damage to your company’s reputation can become irreparable.

The consequence: When businesses receive bad publicity, this affects consumer confidence and can result in loss of revenue and jobs. The truth about data breaches is that 88% of customers will cut off business with companies that have committed a breach of privacy, and 75% of your remaining customers will consider leaving.

Being Sued by a Patient

The culprits: Patients have the right under California law to access complete information about their medical condition and the care provided to them, on demand. If you do not promptly release information to your patients, this is considered a HIPAA violation.

The consequence: A patient can bring action against anyone who illegally denies them access to their own medical records. You and your company can then be charged and found guilty of a misdemeanor under California state law, and damages can be awarded to the patient. Corodata’s HIPAA-compliant online records center allows you to grant patients access to their medical records online.