HIPAA Violation
Risk Management

Are you or your staff violating HIPAA in ways you don't realize?

Snooping on healthcare records of family, friends, neighbors, co-workers, and celebrities is one of the most common HIPAA violations committed by employees.


One of the most common HIPAA violations committed by employees is snooping into the healthcare records of family, friends, neighbors, co-workers, and celebrities. Did you ever wonder what other medical practices classify as common employee HIPAA violations?

Our policyholders shared the following HIPAA violations that may lead to disciplinary action against an employee:

  • Accessing information they do not need to know to do their job
  • Sharing computer usernames/passwords
  • Leaving a computer unattended allowing someone else to access or view sensitive information
  • Sharing sensitive information with unauthorized individuals
  • Copying sensitive information without permission
  • Discussing sensitive information in an area where others might overhear the conversation
  • Discussing sensitive information with unauthorized individuals
  • Improper disposal of medical records
  • Unauthorized release of information to family members or third parties
  • Falling to encrypt portable devices allowing access to patient information
  • Failure to issue notifications of breaches without unnecessary delay and no later than 60 days
What should you do when these instances occur?

First violation:  Verbal/written reprimand, retrain on your privacy/security policies

Second violation:  Written reprimand, possible suspension, retrain on privacy/security policies

Third violation:  Termination, civil or criminal penalties as provided under HIPAA or other applicable Federal/State Law

Depending on the severity of the violation any single act may result in disciplinary action up to and including termination.

For more information on this or other risk management related topics visit https://www.psicinsurance.com/physicians/risk-management/    


The information in the NCMIC Learning Center is offered solely for general information and educational purposes. It is not offered as, nor does it represent, legal or professional advice. Neither does this information constitute a guideline, practice parameter or standard of care. You should not act or rely upon this information without seeking the advice of an attorney familiar with the specific legal requirements of the state(s) in which you practice. If there is a discrepancy between the site and an insurance policy you have with NCMIC, the policy will prevail.