HIPAA Complaints about Healthcare Organizations Reaching Record Levels

Jul 9, 2014

Over the past year, the number of reported violations of Health Insurance Portability and Accountability Act (HIPAA) regulations has gone through the roof. The Department of Health and Human Services saw a massive increase in late 2013, with the upward trend continuing in 2014, according to a recent data analysis.

Year-on-year figures show reported HIPAA complaints have risen by 45.7%, with 6,701 complaints received up until May. Not all cases have led to action being taken against the organization concerned, although a relatively low number – 14% – resulted in no action being taken. However, out of the cases which were examined, 26% called for HHS action to be taken.

The rise in HIPAA complaints can be explained, in part at least, by increased public awareness of data security laws. High-profile thefts and data violations have been headline news in recent months, and the reporting of compliance issues is being encouraged. The introduction of new laws and regulatory changes has also played a part, and the increased use of mobile devices in healthcare creates many new potential holes in security which cybercriminals can exploit.

Another reason for the rise is enforcement of the Omnibus Final Rule, which introduced new financial sanctions for business associates who fail to adhere to HIPAA standards. The inclusion of business associates under HIPAA has increased the number of reported breaches, as some associates failed to take appropriate action and become HIPAA compliant after changes were made to the law.

The government is adopting a hard line on offenders and is running random audits to ensure HIPAA compliance. The audits began in 2013 and are expected to continue into 2015. Healthcare organizations can expect a tougher approach from the government in the months to come, and compliance documentation will come under greater scrutiny.

Under the Omnibus Rule, organizations can expect much more stringent penalties for HIPAA violations, with the Department of Justice becoming involved in any data breaches thought to involve criminal activity. Any patient suffering due to a data breach is entitled to take legal action to recover damages for loss and suffering, while complaints made to the government are followed up and action begun against offenders.

The increase in the use of mobile devices, and the extent to which data is recorded and transferred in patient management, requires security measures to be implemented to ensure compliance and reduce security violations. Password protection, data encryption, remote erasing of lost mobile devices and secure messaging services can all be used to reduce danger, ensure compliance and keep PHI safe and away from criminals.


Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelor's degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:
