The 7 Most Common HIPAA Violations Going Into 2020

If you work in any healthcare setting, the importance of following HIPAA guidelines has been drilled in your head over and over again. And yet, the number of violations and lawsuits is continually increasing.

So are these violations intentional or accidental? Some of both to be sure. But it’s critical for any healthcare employee to recognize the potential risks to avoid them. 

Here are the 7 most common HIPAA violations right now. 

1. Overall Systems Cause Most Common HIPAA Violations 

Many HIPAA violations actually have little to do with the individual providers and their access to medical records. Instead, the way the overall organization is set up poses the biggest threat. 

Every healthcare organization should conduct thorough assessments of their procedures and policies to find possible holes that could lead to a violation. If the system is set up to be as airtight as possible, then the risk is lowered and many of the possibilities taken away. 

While there are very specific ways that organizations can fall into non-compliance, the overarching problem behind many cases is the lack of the right structures in place over the whole company. 

2. Organization Has Weak Security Measures

One of the main areas where a healthcare organization should double-check its efforts is the security surrounding its medical records. Any digital information, medical record or not, is subject to hacking and data breaches, and these losses of information are very common.

Medical record storage is a prime target for hackers because the quantity of personal information is so large in one place. If they can get in, they have access to such a high volume. 

While a data breach is not an automatic HIPAA violation, if the company did not take sufficient measures to protect against it, they could be liable for damages. 

Another way a data breach can hurt a healthcare organization is if it does not follow the required breach-response procedures afterward. There are several regulations a company must follow, including notifying those whose information was compromised within the allotted time period. 

3. Employees Looking At Non-Patient Information

Probably one of the more obvious HIPAA violations occurs when an employee looks into the chart of a patient who is not currently under their care, or from whose record they have no legitimate need for information. 

This happens often when there is a celebrity involved or a well-known individual. Those with access may feel compelled to look into the chart to get the “inside scoop”.

But it is probably even more tempting to look into the charts of people you know, friends, neighbors, and even family.

This must be avoided. Any looking into a non-necessary chart, even for a brief time, can result in a penalty and discipline.
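The violation described in this section is usually found after the fact, by reviewing the access audit log of the records system against who was actually assigned to each patient. The following is an added example, not code from the article or from any particular records product: it parses a few constructed audit-log lines, compares each chart view against a constructed care-team roster, and reports staff who viewed a chart without a documented care relationship. The log format, the roster, and the "privileged role" exemption are all assumptions made for the example.

```python
"""Added example: flag chart views by staff with no documented care relationship.

The log lines, the care-team roster and the role policy below are constructed
for illustration; real systems expose audit data in their own formats.
"""
from dataclasses import dataclass
from typing import Dict, Iterator, List, Set, Tuple

# Constructed roster: patient_id -> staff_ids assigned to that patient's care.
CARE_TEAM: Dict[str, Set[str]] = {
    "P1001": {"nurse.kim", "dr.alvarez"},
    "P1002": {"dr.alvarez"},
    "P1003": {"nurse.kim", "nurse.ortiz"},
}

# Hypothetical policy: roles allowed to read any chart (e.g. a privacy officer
# performing an audit). This is an assumption of the example, not a HIPAA rule.
PRIVILEGED_ROLES: Set[str] = {"privacy_officer"}

# Constructed audit-log lines: timestamp staff_id role patient_id action
SAMPLE_LOG = """\
2020-01-06T08:02:11 nurse.kim nurse P1001 VIEW_CHART
2020-01-06T08:05:40 dr.alvarez physician P1002 VIEW_CHART
2020-01-06T12:31:02 nurse.ortiz nurse P1002 VIEW_CHART
2020-01-06T12:32:15 nurse.ortiz nurse P1002 VIEW_CHART
2020-01-06T13:10:00 reception.lee clerk P1001 VIEW_CHART
2020-01-06T15:45:09 audit.chen privacy_officer P1003 VIEW_CHART
"""


@dataclass(frozen=True)
class Finding:
    """One staff/patient pair that needs a human reviewer's attention."""
    staff_id: str
    role: str
    patient_id: str
    views: int        # how many times the chart was opened
    first_seen: str   # timestamp of the first unauthorized view


def parse_log(text: str) -> Iterator[Tuple[str, str, str, str, str]]:
    """Yield (timestamp, staff_id, role, patient_id, action) per non-empty line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, staff, role, patient, action = line.split()
        yield ts, staff, role, patient, action


def find_unauthorized_views(
    log_text: str,
    care_team: Dict[str, Set[str]] = CARE_TEAM,
    privileged: Set[str] = PRIVILEGED_ROLES,
) -> List[Finding]:
    """Return chart views where the viewer is neither on the care team nor exempt.

    Repeated views of the same chart by the same person are folded into one
    finding so a reviewer sees a count rather than a flood of lines.
    """
    counts: Dict[Tuple[str, str, str], List] = {}  # key -> [count, first_ts]
    for ts, staff, role, patient, action in parse_log(log_text):
        if action != "VIEW_CHART" or role in privileged:
            continue
        if staff in care_team.get(patient, set()):
            continue  # documented care relationship: legitimate access
        key = (staff, role, patient)
        if key not in counts:
            counts[key] = [0, ts]
        counts[key][0] += 1
    findings = [Finding(s, r, p, c, t) for (s, r, p), (c, t) in counts.items()]
    return sorted(findings, key=lambda f: (f.first_seen, f.staff_id))


if __name__ == "__main__":
    for f in find_unauthorized_views(SAMPLE_LOG):
        print(f"{f.first_seen} {f.staff_id} ({f.role}) viewed {f.patient_id} "
              f"{f.views} time(s) without a care relationship")
```

On the sample data this reports two findings: the nurse who opened a chart outside their assignments twice, and the clerk who opened a chart once. A real review would feed the roster from scheduling or admission data and treat each finding as a lead for a privacy officer to investigate, not as proof of a violation, since some roles (check-in staff, for example) may have a legitimate reason the roster does not capture.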

4. Unauthorized Sharing of Personal Information

Patients provide healthcare organizations with a ton of personal information: social security numbers, phone numbers, addresses, payment information, job histories. All of this must be protected. 

Any sharing of patient information without prior authorization from that patient (or guardian) is a HIPAA violation and can result in negative consequences.

To protect themselves and their patients, healthcare companies should make sure that their authorization forms are very specific about what type of information can be released and exactly who it can be released to. 

5. Incorrect Medical Record Disposal Methods 

A company cannot keep every medical record of every patient they have ever had. That is just not realistic or necessary. But the disposal of those records needs to be done properly in order to protect against unintentional HIPAA violations. 

This is another area in which an organization-wide search for problems would be beneficial. 

Proper disposal of medical records includes shredding or burning paper records and destroying magnetic tapes and other electronic media. The destruction must also be properly documented.

6. Medical Records Left Unattended

Sometimes these HIPAA violations are entirely unintentional, and that can be the hardest part: protecting yourself from a problem you never meant to create. 

Any time a record, electronic or paper, is left unattended, that can be grounds for a violation: a receptionist who leaves her desk with records open on her desktop, or a nurse who leaves a chart out on the nurses’ station. 

All of these seemingly insignificant actions can cause major problems that lead to fines. 

Healthcare employees need to take care that if they are working electronically they sign out of any medical records program every time they leave their desks. Paper records need to be properly filed when not in use. 

When records are left unattended, they are susceptible to theft. That is the case for both inside the healthcare facility and out. If a provider is taking documentation home, they need to be extra certain it is secure when not in use. 

7. Lack of Planning 

With most HIPAA violations, preventative measures could have kept them from happening. Healthcare organizations and employees open themselves up to the risk of fines (or, in more serious cases, jail time) if they do not put proper plans in place. 

If every employee in the company is trained in using the same procedures to handle patient personal information, there will be fewer issues. And if issues do arise, employees can let leadership know early on because they are aware of the policies. 


No healthcare company wants to be a part of any HIPAA news in 2020 and knowing these common mistakes can help with preventative measures. 

What did that old lady down the street always say? Proper planning prevents problems. If you work in healthcare, take a moment to evaluate how you handle patient information, and if you are protecting those records properly. 

Once you’ve done all you can do, turn to the security experts (us!) to get the extra help you need to protect against the most common HIPAA violations. 
