Accidental HIPAA Violations

Published: February 8th, 2022

Most healthcare providers make every effort to ensure that HIPAA rules are followed, but sometimes accidents occur. What happens when there is an accidental HIPAA violation? How should an employee report an accidental HIPAA violation? 

Any HIPAA violation must be treated seriously. Whether a healthcare employee accidentally sent a fax containing PHI to the wrong recipient, or unintentionally viewed a patient's records, the incident is a violation of HIPAA that must be reported. 

For any accidental HIPAA violation, the employee must report the incident to the HIPAA Privacy Officer and explain the mistake that was made and which records were viewed or disclosed. The HIPAA Privacy Officer will determine what actions should be taken.

In the event of an accidental HIPAA violation, the following actions need to be taken:

  1. Investigate the incident.
  2. Conduct a risk assessment.
  3. Provide additional training, as needed, to the individual(s) responsible.

Depending on the outcome of the risk assessment, the following actions may be required:

  1. Notification to the individual(s) whose privacy was violated.
  2. The breach must be reported to the Department of Health and Human Services' Office for Civil Rights (OCR).
  3. When reporting the breach, the HIPAA Officer must include an explanation of the violation, what steps were taken in response to the breach, and how many patient records were viewed or disclosed. 
  4. Breaches of 500 or more records must be reported to OCR within 60 days of the discovery of the breach. Smaller breaches must be reported no later than 60 days from the end of the calendar year in which the breach was discovered. Affected patients must be notified without unreasonable delay and no later than 60 days from the discovery of the privacy violation.

The failure to report a breach promptly could result in disciplinary action and potential penalties. 

If you have questions about a HIPAA violation or HIPAA training, contact the experts at MedSafe. MedSafe is the nation's leading one-stop resource for outsourced accreditation and healthcare compliance solutions. For over 20 years, we have been providing peace of mind to hospital groups, private practices, and their business associates. Our suite of onsite and online services, including OSHA, HIPAA, Corporate Compliance and Code Auditing, equips your practice with the necessary tools and skills to achieve and maintain regulatory and billing compliance. MedSafe takes a hands-on approach and works directly with your team to uncover issues and define suitable solutions.