The Health Insurance Portability and Accountability Act (HIPAA) provides a variety of protections for patient health information. Violations, whether by an individual employee or by a company, can lead to monetary penalties.

Types of HIPAA Violations

Some violations stem from carelessness, such as walking away from a computer that has a patient’s health information on the screen, in plain sight of others, or accidentally leaving a patient’s medical file in a place where others can see it. Although these aren’t intentional acts, they are still considered violations. Fines typically are lower in these circumstances.

Other HIPAA violations result in higher fines, depending on the situation; sharing a patient’s medical records with someone else is one example. Medical records are supposed to be confidential unless they are released under a court order. Patients can sign to have their information released, but forging such a signature would be another violation.

Confidentiality also applies to verbal discussions about a patient’s health. Employees who work for a healthcare provider, clinic, hospital or any other medical setting cannot talk to friends or family about a patient, nor can they post anything about a specific patient on social media outlets such as Facebook.

Violations can also stem from data stored on a computer, referred to as electronic protected health information (ePHI). Examples include a breach of electronic data that exposes patients’ personal information, mistakenly sending the wrong electronic patient file, and failing to implement security measures that reduce the risk of a breach.

Penalties for HIPAA Violations

Per the American Recovery and Reinvestment Act of 2009, if the violator did not know he or she was in violation of HIPAA, fines could be $100 to $50,000. The next level of penalties stems from a violation where there was reasonable cause, but it wasn’t based on willful neglect. Fines range from $1,000 to $50,000.

If there was willful neglect, but it was corrected within a reasonable amount of time, the fines range from $10,000 to $50,000. And when there is willful neglect with no correction, the fine stands at $50,000.

Whether or not the maximum penalty is applied depends on the specifics of the situation; for instance, the type and extent of the violation, along with the impact it had on the person whose health information was unprotected.

Healthcare professionals who face allegations of HIPAA violations should consult a lawyer.