HIPAA Horror Stories

HIPAA HUBRIS

one-minute read

A Florida health system completely ignores HIPAA rules for years, leading to NFL Player’s Privacy Breach.

Here’s a thought experiment: imagine if you ran a large hospital system and completely ignored your responsibility to protect patient health information.

Privacy Breach For Sale

What if your employees were so confident in their ability to peruse patient medical data that they actually SOLD information to the highest bidder?

What if your risk analysis completely understated your exposure, putting your patients’ private health details into public hands on numerous occasions?

You don’t need to imagine such a scenario because it happened at Florida’s Jackson Health System.

The Miami provider of primary care, nursing, corrections health services and operator of six hospitals was fined more than $2.15 million for its numerous and blatant Health Insurance Portability and Accountability Act (HIPAA) violations between 2013 and 2016.

Privacy Breach: records in disarray for years

Roger Severino, director of the Office for Civil Rights (OCR), the federal agency responsible for investigating HIPAA violations, described Jackson Health’s records as “in disarray for a number of years.”

Professional Football Player Targeted in HIPAA Privacy Breach

The trouble started when the OCR launched an investigation of Jackson following reports of a professional football player’s medical records being shared on social media.

Federal investigators determined that two Jackson employees had repeatedly accessed Electronic Patient Health Information (ePHI) for non-authorized purposes.

Paper records lost in giant privacy breach

On two occasions, paper medical records were lost, putting more than 1,000 patients at risk of unauthorized data disclosure.

One employee, who had been illegally accessing 24,000 patient records over more than five years, had been selling private details.

Jackson did not contest any of the OCR’s privacy breach claims, choosing to pay the entire fine of $2.154 million penalty.

A complete list of Jackson’s privacy breach violations can be viewed here.

If your employees were illegally accessing ePHI, would you know? If not, how would you find out? If your answers are less-than-confident, we can help.

The HIPAA E-Tool® makes compliance fast and easy. Get your free HIPAA Quick Start kit, complete with a webcam privacy guard, HIPAA Hot Zone labels and a HIPAA checklist delivered directly to your office.

Don’t become a HIPAA Horror Story! HIPAA compliance is easy, when you know the rules.

Request A Demo

Copyright © 2019 The ET&C Group LLC.
The HIPAA E-Tool® is a registered trademark of The ET&C Group LLC
Terms of Service | Privacy Policy

Free hipaa kit!

hipaa compliance Quick start kit
Delivered free