HIPAA Violations: 8 Common HIPAA Violations That Increase Legal Risk


February 15, 2021 | Reading Time: 2 Minutes

HIPAA violations are surprisingly common, with many healthcare professionals unknowingly violating HIPAA regulations. Breaches could be as simple as misplacing a USB drive or the inappropriate disposal of documentation. To avoid these violations, healthcare professionals should be wary of common HIPAA violations they might be committing.

HIPAA Violation: Increased Risk with Telehealth

The risk of HIPAA violations is now higher than ever with the surge in demand for telehealth services across the US. More telehealth utilization will put your practice at greater risk of violating HIPAA regulations. This increased risk, caused by a rise in demand, calls for more awareness across the industry.

According to HIPAA regulations, covered entities must uphold strict privacy and security standards to protect protected health information (PHI). PHI refers to any information that can be used to identify a patient, such as a name, address, phone number, email, medical information, or photos. Covered entities include any healthcare provider, health insurance plan, or healthcare clearinghouse. 

Common HIPAA Violations

Your organization may have already experienced a violation if at any time PHI wasn’t accessed, transmitted, disposed of, or handled properly. HIPAA violations vary greatly in scope and severity, but all breaches must be handled with care.

Here are some common HIPAA violations you should look out for:

  • Keeping nonsecure records containing PHI.
  • Data breaches caused by telehealth or EHR vendors.
  • Stolen or lost devices containing PHI, including USB drives, hard drives, laptops, or phones.
  • Data breaches involving malware, phishing, or ransomware.
  • Disposing of documents and files containing PHI in a way that allows for unauthorized future retrieval or misuse, such as leaving PHI in a trash can or throwing away a hard drive containing PHI.
  • Lack of HIPAA training for employees who come into contact with PHI.
  • Sending PHI to the wrong patient or address.
  • Misusing social media.

While your practice might have already committed these common violations, there is always time to act on violations. You should always notify patients of their involvement in a breach according to the Breach Notification Rule. Report any HIPAA violations or data breaches to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR).

The best way to protect your practice from these common HIPAA violations is by putting an effective HIPAA compliance program in place.


Linda Hypes
2 years ago

Is it a HIPAA violation for a coworker to go to another coworker's Dr. and discuss their medical history?

1 year ago

Is using a first name only in an email a violation?
