Nine common HIPAA violations

In clinical documentation, we see eight HIPAA violations more often than any others:

  • Picking the wrong CC on an email containing protected health information
  • Picking the wrong patient name
  • Picking the wrong dictator
  • Picking the wrong account number, medical record number or subject ID
  • Entering the wrong supervising or attending physician
  • Sharing information about a patient with others who have no reason to have it
  • Failure to immediately report any potential breach or security incident to the compliance officer or your supervisor
  • Improper disposal of materials containing protected health information

And there’s one other mistake that needs to be mentioned: going into a patient’s chart for no reason. While it’s not a common violation, it’s a serious one. Even employees who have rightful access to a patient’s chart can’t look at it without a valid reason. And while they usually know that, it bears repeating often because it’s the kind of thing that gets all types of workers, from MTs to nurses, doctors and administrators, into trouble.




12 Responses to Nine common HIPAA violations

  1. Pingback: HIPAA compliance – a little education will save you a lot of trouble | NEMT

  2. Pingback: Do we expect medical record privacy? | fixMED

  3. Do you mind if I quote a couple of your articles as long as I provide credit and sources back to your blog?

    My website is in the exact same area of interest as yours and my visitors would definitely benefit from some of the information you provide here. Please let me know if this is okay with you.
    Appreciate it!

  4. Becky says:

    This might be the wrong place to post, but I am looking for an answer to a specific question. Perhaps you can help. I am a federal employee. My supervisor was given permission to look at my health record at the base clinic. After he looked at the file, he spoke with the doctor of the clinic about my file. The doctor, whom I’ve NEVER seen, rendered an opinion to my supervisor concerning my medications. I did NOT give permission to either of them to discuss me or the file. Is the doctor in violation of HIPAA and/or any other regulations? Thank you!!

    • Linda Allard says:

      Without knowing all the information, I cannot give you a solid answer on violations. If this has anything to do with Worker’s Compensation, then HIPAA does not apply the same way.

      Here is the link:
      so you can read it.

      If this doesn’t apply to you then you need to look at the papers that you signed as a federal employee, which I am not as familiar with. You may have made an authorization there when you signed your employment papers.

      You also want to look at the authorization you signed to release your file to your supervisor as it may have included the ability to speak with the doctor. I would speak with your HR representative and find out what you signed as a place to start.

      Good luck to you!
      - Linda Allard, CHPS

  5. Celeste Brown says:

    Can hospitals refuse to file insurance for only car accident patients without telling them and file liens on them so they can get paid 100%?

    • I’m not an expert on insurance but my understanding is that hospitals don’t have to handle private insurance at all if they don’t want to.
      That being said, I’d assume first off that it’s an error in processing, rather than an intentional dodge. You may find that calling the insurance company to work it out is better than calling the billing office at the hospital.

  6. Amy DeWitt says:

    In response to Celeste’s query about hospitals and car accident patients:
    1) As has been your experience, hospitals and medical providers are more frequently trying to avoid insurance adjustments whether a car accident, a slip/fall accident, etc. I am not aware of any regulations requiring medical providers to bill health carriers or even government entities (Medi-Cal, Medicaid, Medicare). However, as you know, an auto carrier or a third-party, liability plan never steps into the shoes of a patient’s health plan. The provider and the patient/claimant need to be reminded that while possibly in the best interest of the hospital, it is not in the best interest of the patient who may pay a premium for health insurance regardless of the reason for the injury. If liability is disputed, then the patient will be exposed and very likely taken to collections while the claim is being investigated and surely in the event coverage and/or liability are denied.
    2) For third-party personal injury claims, the “mitigation of damages” rule denies a plaintiff the right to recover that part of his or her damages which the court or a jury finds could reasonably have been avoided.
    3) If a first party claim, in California, with Medical Payment coverage, liability is not an issue, and the patient/claimant may submit the entire amount of the bill for payment or reimbursement.

    I hope this helps.

  7. Edna says:

    Is sending an email of PVSRs (Patient Safety Reports)/summary of PVSRs to all department employees a HIPAA violation?

  8. Tamny says:

    I have a worker’s comp case and just received papers from adjustor and in those I found papers for another person’s claim. These were also sent to my QME. What should I do?

  9. Pingback: Compliance Climate & On-Demand HIPAA Real World Scenario
