Healthcare and Big Data: HIPAA Violations and How to Prevent It

The HIPAA is made to protect the private information of a patient. The law frowns upon on any health practitioner who tries to violate the laid down rules of HIPAA. Penalties and civil suits await anyone who violates it; however, most offenders do not commit this because of evil intent, but merely because of ignorance. This shows how serious how serious it is to violate the HIPAA.

Reports from reliable sources state that US organizations lose 5% of its revenue to fraud each year. Meanwhile, US retailers lose a whopping sum of $60 billion USD to fraudsters, of which most of the employees are found at a fault.

Healthcare professionals are susceptible to these violations as they have direct access to all this sensitive information. This goes to show that even if big data is secured from external hackers and malicious code, those who have access to it can still exploit the information. Below are such cases where violations involving sharing patients’ information via social media, illegal access of patients file, mishandling of records and other forms of violation:

• Surgeon sentenced to prison for HIPAA violation: A former cardiothoracic surgeon and a Chinese immigrant, Huping Zhou has dismissed from the medical profession. After dismissal, Zhou illegally accessed the UCLA medical records system for over 300 times. He accessed the health records of his immediate supervisor and several celebrities which include Tom Hanks, Leonardo DiCaprio, and Arnold Schwarzenegger. Zhou was sentenced to 4 months in prison and a fine of $2000. Zhou was a researcher at UCLA school of medicine before his dismissal.

• Hospital worker charged with HIPAA law violation: Sometime around 2014, Texas hospital employee Joshua Hipper bagged an 18-month jail term. What was his offense? He wrongly disclosed a patient’s private information. At the point of his arrest medical records was found on him. He was charged with disclosure of medical records for personal purposes. Although his case is rare, it served as a warning that individuals can be prosecuted as well and nobody is above the law.
• Respiratory therapist convicted for HIPAA violation: Jamie Knapp is yet another employee to be convicted of violating the HIPAA law. Jamie was an employee of pre-medical bay park hospital in Ohio who accessed a total of 596 medical records of patients within ten months. It was her job to view patients file related to her, but she went on to view those she wasn’t authorized to. If found guilty she might be in jail for a whole year serving her term.
• File Conversion Leads to HIPAA Case: An orthopedic clinic hired a vendor in 2016 to convert their x-ray films on file to a digital form then harvest the silver from films. The clinic violated the HIPAA law by not signing a BBA with the vendor. The clinic was fined $750,000 for the violation.
• Nurse Faces Jail Time for HIPAA Violations: This particular case shows ignorance and lack of training among staff. An employee at mid-size clinic accessed the patient’s records and gave it to the husband. The husband of the employee with the given medical records called the plaintiff and threatened that the charges be dropped off which, the victim complained to the attorney general’s office and the clinic. Such a case might attract up to ten years in prison and also drew a penalty of $250,000. The employee was sacked immediately the report was made, and other employees were informed at a general staff meeting about the HIPAA.

Despite these violations, HIPAA data breaches continued to climb up to 138% from 2014. Until now, the HHS are still receiving complaints; clearly a sign that violations continue to happen.

Taking Necessary Measures to Ensure HIPAA Compliance

Development of privacy policies: Virtually every organization needs to have a well-detailed privacy policy. Any healthcare organization must take the pains to develop, adopt and implement privacy and security policies. The privacy policies should also contain actions to be taken when there is a violation.

1. Appointment of confidentiality and security officers: HIPAA regulations and policies are not to be taken lightly. Therefore, a healthcare organization should employ privacy and safety officers. Most especially ones those are very conversant with the HIPAA regulations and policies.
2. Regular risk assessments: Risk assessment checks should be conducted on a monthly basis to pinpoint loopholes. This simple yet effective exercise will ensure that all health information is protected and safe. During such assessments, possible threat should be eliminated to avoid future problems and complications.

1. Adoption of mobile device policies: The use of cell phones has caused havoc in some organizations. It is essential that health care organizations set stringent rules guiding storage of health information on mobile devices such as laptop computers, cameras, and phones. There should be room for the rule restricting the movement of those gadgets containing health information from the organization building.
2. Training of employees: Conducting training session for both new and old employee of any organization is an excellent idea. Most cases of HIPAA violations are mostly as a result of ignorance. Training where policies guiding HIPAA should be taught.
3. Adoption of potential breach protocols: Healthcare organizations should also do well to set up protocols to handle breach of protected health information. In a situation where the breach has already occurred swift action should be taken to inform the necessary authorities.
4. Entering into valid agreements. The Association of Certified Fraud Examiners states that team member dishonesty can range from tens of thousands to millions of dollars. Twenty years of investigating dental and medical practices and non-profits across Canada and the United States have proven losses ranging from $3,000 to $2.1 million! Fidelity Bonds, also called team member dishonesty coverage or crime coverage, are available to dental and medical entities. It is customizable, inexpensive, and provides protection from $10,000 to $100,000, as this can vary by bond type and your financial strength. Fidelity bonds can be a part of the practice property or malpractice insurance, and some bond providers even special breach coverage for HIPAA cases.