HIPAA Horror Stories



A Florida health system completely ignored HIPAA rules for years, leading to a privacy breach involving an NFL player.

Here’s a thought experiment: imagine if you ran a large hospital system and completely ignored your responsibility to protect patient health information.

Privacy Breach For Sale

What if your employees were so confident in their ability to peruse patient medical data that they actually SOLD information to the highest bidder?

What if your risk analysis completely understated your exposure, putting your patients’ private health details into public hands on numerous occasions?

You don’t need to imagine such a scenario because it happened at Florida’s Jackson Health System.

The Miami provider of primary care, nursing, corrections health services and operator of six hospitals was fined more than $2.15 million for its numerous and blatant Health Insurance Portability and Accountability Act (HIPAA) violations between 2013 and 2016.

Privacy Breach: records in disarray for years

Roger Severino, director of the Office for Civil Rights (OCR), the federal agency responsible for investigating HIPAA violations, described Jackson Health’s records as “in disarray for a number of years.”

Professional Football Player Targeted in HIPAA Privacy Breach

The trouble started when the OCR launched an investigation of Jackson following reports of a professional football player’s medical records being shared on social media.

Federal investigators determined that two Jackson employees had repeatedly accessed electronic protected health information (ePHI) for unauthorized purposes.

Paper records lost in giant privacy breach

On two occasions, paper medical records were lost, putting more than 1,000 patients at risk of unauthorized data disclosure.

One employee, who had been illegally accessing 24,000 patient records over more than five years, had been selling private details.

Jackson did not contest any of the OCR’s privacy breach claims, choosing to pay the entire $2.154 million penalty.

A complete list of Jackson’s privacy breach violations can be viewed here.

If your employees were illegally accessing ePHI, would you know? If not, how would you find out? If your answers are less than confident, we can help.

The HIPAA E-Tool® makes compliance fast and easy. Get your free HIPAA Quick Start kit, complete with a webcam privacy guard, HIPAA Hot Zone labels and a HIPAA checklist delivered directly to your office.

Don’t become a HIPAA Horror Story! HIPAA compliance is easy, when you know the rules.


Copyright © 2020 ET&C Group LLC.
