Is it a violation of HIPAA for a nurse to tell someone the results of a patient's blood work while the patient is asleep?
What Happens if you Violate HIPAA? – HIPAA Violation Classifications
What happens if you violate HIPAA? That depends on the severity of the violation. OCR prefers to resolve HIPAA violations using non-punitive measures, such as with voluntary compliance or issuing technical guidance to help covered entities address areas of non-compliance. However, if the violations are serious, have been allowed to persist for a long time, or if there are multiple areas of noncompliance, financial penalties may be appropriate.
The four categories used for the penalty structure are as follows:
Tier 1: A violation that the covered entity was unaware of and could not have realistically avoided, had a reasonable amount of care been taken to abide by HIPAA Rules
Tier 2: A violation that the covered entity should have been aware of but could not have avoided even with a reasonable amount of care (but falling short of willful neglect of HIPAA Rules)
Tier 3: A violation suffered as a direct result of "willful neglect" of HIPAA Rules, in cases where an attempt has been made to correct the violation
Tier 4: A violation of HIPAA Rules constituting willful neglect, where no attempt has been made to correct the violation
What is Considered a HIPAA Violation?
A HIPAA violation is a failure to comply with any aspect of HIPAA standards and provisions detailed in 45 CFR Parts 160, 162, and 164.
What is a HIPAA Violation?
Examples of HIPAA Violations
There are hundreds of ways that HIPAA Rules can be violated, although the most common HIPAA violations are:
Impermissible disclosures of protected health information (PHI)
Unauthorized accessing of PHI
Improper disposal of PHI
Failure to conduct a risk analysis
Failure to manage risks to the confidentiality, integrity, and availability of PHI
Failure to implement safeguards to ensure the confidentiality, integrity, and availability of PHI
Failure to maintain and monitor PHI access logs
Failure to enter into a HIPAA-compliant business associate agreement with vendors prior to giving access to PHI
Failure to provide patients with copies of their PHI on request
Failure to implement access controls to limit who can view PHI
Failure to terminate access rights to PHI when no longer required
The disclosure of more PHI than is necessary for a particular task to be performed
Failure to provide HIPAA training and security awareness training
Theft of patient records
Unauthorized release of PHI to individuals not authorized to receive the information
Sharing of PHI online or via social media without permission
Mishandling and mismailing PHI
Texting PHI
Failure to encrypt PHI or use an alternative, equivalent measure to prevent unauthorized access/disclosure
Failure to notify an individual (or the Office for Civil Rights) of a security incident involving PHI within 60 days of the discovery of a breach
Failure to document compliance efforts
What are the Penalties for HIPAA Violations?
Also could anything be legally done about this?
Your answer can be found hidden in the mountain of material hereinabove.
Bottom line, be prepared to be ignored and to eventually receive NOTHING.