Patient data is legally protected by the Health Insurance Portability and Accountability Act (HIPAA). Hospitals, healthcare providers, and insurance companies are mandated by law to comply with HIPAA policies and safeguard sensitive patient information. Here are recent updates regarding violations.
What is Protected Health Information?
Healthcare data must be kept private, a goal that businesses and their employees achieve by remaining in full compliance with HIPAA regulations. The personal data that HIPAA aims to protect is known in the industry as Protected Health Information (PHI).
PHI covers a range of patient data. Examples include patient names, birthdates, physical addresses, and email addresses. Social Security numbers, medical record numbers, and other unique identifiers are included as well. Additional forms of PHI are the dates of medical treatments and illnesses, and patients’ dates of birth and death.
Who has access to PHI?
Professionals in the healthcare industry who regularly use and access patients’ PHI include doctors, nurses, and insurance companies. Business associates, like lawyers and accountants who work in the healthcare field, also have access to PHI and must abide by HIPAA laws.
Individuals who process PHI for patients, such as dentists and chiropractors, as well as organizations, such as nursing homes, clinics, and pharmacies, are known as covered entities. They are responsible for reporting HIPAA violations and paying fines if a violation does occur.
What HIPAA updates are planned?
In order to remain compliant with HIPAA laws, entities must understand what is new in the privacy and security rules in 2022. The Department of Health and Human Services (HHS) continues to investigate minor breaches and is increasing its attention to the protection of PHI in the field of mental health.
Today’s healthcare is gradually shifting toward remote consultations and digital evaluations. It’s important for professionals in the healthcare industry to conduct these digital health interactions in accordance with HIPAA’s privacy rules. Browsing social media at work, for example, may be a concern.
Covered entities must prepare for all the HIPAA changes and updates planned in recent years. HIPAA developments in 2022, for instance, include potential changes to patient acknowledgement of notice of privacy practices and allowable disclosures for care coordination and case management.
HIPAA updates in 2022 also include the right of citizens to access their PHI as well as fees that healthcare organizations may charge patients to access their health information. Disclosures for PHI during health crises are also being examined for revision in the 2022 HIPAA update.
What are the consequences of HIPAA violations?
HIPAA violations occur, but the majority of them are due to internal issues rather than external hacks or data breaches. Negligence, for instance, can lead to a violation: a workstation may be left unlocked, or patient paperwork may be misplaced in a public setting.
Common violations also include the theft of professional equipment, hacking, malware, or ransomware. Medical offices can be vandalized, and PHI can be carelessly sent to the wrong recipient. Discussing PHI in public or posting it to social media are further instances of HIPAA violations.
The consequences of violating HIPAA laws can be severe. Fines may be issued by the Department of Health and Human Services’ Office for Civil Rights (OCR) and state attorneys general. Settlement amounts are usually agreed upon by covered entities who accept that a violation has occurred.
However, healthcare organizations or professionals may disagree with the findings of the investigation. In such cases, a financial penalty may be issued. Four HIPAA violation penalty tiers exist, with the penalties in each tier increasing according to how aware the entity was of the violation.
In Tier 1, for example, the covered entity is unaware of the HIPAA violation and may receive a fine of $100 to $50,000 per violation. In Tier 2, the fine increases to $1,000 to $50,000 per violation, considering the entity should have known about the violation by exercising due diligence.
Tier 3 affects entities who willfully neglect HIPAA rules but correct the violation within 30 days of discovery; this tier comes with a penalty of $10,000 to $50,000 per violation. Tier 4 includes willful neglect of HIPAA rules without any effort to correct it; the fine is $50,000 per violation.
Over the past decades, HIPAA settlements and civil monetary penalties have fluctuated dramatically. In 2010, for example, total fines reached $1,035,000. However, in 2018, the HIPAA settlements and fines skyrocketed to $28,683,400. In 2022, fines reached slightly less than $2 million.
Data breaches can be prevented when organizations implement strong login measures, such as complex passwords that must be regularly changed. Healthcare staff should log all activity and ensure that data monitoring is in place. Network, system, software, and firewall security measures are also advised.
HIPAA compliance is a year-round activity. Businesses and individuals are required by HIPAA laws to secure all PHI. Despite taking precautions, data breaches can occur. Healthcare patients have the right to qualified legal support when they become a victim of a medical data breach.
Contact Anderson + Wanca Law Firm
Anderson + Wanca is a law firm specializing in data breaches and cyber-attacks. We fight for your right to fair compensation by investigating the circumstances surrounding the data breach. Our attorneys are skilled in pursuing class action lawsuits that involve data security.
Cyber-attacks that lead to the leakage of PHI can be devastating to patients, especially considering the threats linger for years after the initial attack. Compromised personal information can lead to health insurance penalties, stolen credit cards and biometric data, identity theft, and data sold to spammers.
The costs are high when a patient becomes a victim of a medical data breach. Due to this reason, you deserve skilled legal assistance from Anderson + Wanca. Companies can be sued when they fail to preserve the confidentiality of patients’ personal health information.
When you are notified that a data breach has occurred, consult the data security attorneys at Anderson + Wanca. We’ll schedule you for consultation at our Chicagoland office and discuss your legal rights. Call us today and learn whether or not you’re eligible for a settlement.