Abstract
In 2018, the Office for Civil Rights (OCR) saw Health Insurance Portability and Accountability Act (HIPAA) enforcement violations amount to $28.7, the most in one year to date [1] (https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/2018enforcement/index.html). Since the start of HIPAA in April 2003, there have been 216,195 complaints, resulting in 39,132 investigations. Seventy percent of these (27,225) required corrective action [2].
References
1. OCR Concludes 2018 with All-Time Record Year for HIPAA Enforcement. https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/2018enforcement/index.html. Accessed October 15, 2019.
2. US Department of Health and Human Services. Numbers at a Glance. https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/data/numbers-glance/index.html#allcomplaints. Accessed October 23, 2019.
3. HIPAA Privacy Law: Standards for Privacy of Individually Identifiable Health Information. U.S. Department of Health and Human Services, Office for Civil Rights. (45 CFR Parts 160 and 164) Federal Register, August 14, 2002. 45 CFR 160.103.
4. HIPAA Privacy Law: Standards for Privacy of Individually Identifiable Health Information. U.S. Department of Health and Human Services, Office for Civil Rights. (45 CFR Parts 160 and 164) Federal Register, August 14, 2002. 45 CFR 164.502(b).
5. HIPAA Privacy Law: Standards for Privacy of Individually Identifiable Health Information. U.S. Department of Health and Human Services, Office for Civil Rights. (45 CFR Parts 160 and 164) Federal Register, August 14, 2002. 45 CFR 164.502(a)(1).
6. HIPAA Privacy Law: Standards for Privacy of Individually Identifiable Health Information. U.S. Department of Health and Human Services, Office for Civil Rights. (45 CFR Parts 160 and 164) Federal Register, August 14, 2002. 45 CFR 164.508.
7. HIPAA Privacy Law: Standards for Privacy of Individually Identifiable Health Information. U.S. Department of Health and Human Services, Office for Civil Rights. (45 CFR Parts 160 and 164) Federal Register, August 14, 2002. 45 CFR 164.510.
8. HIPAA Privacy Law: Standards for Privacy of Individually Identifiable Health Information. U.S. Department of Health and Human Services, Office for Civil Rights. (45 CFR Parts 160 and 164) Federal Register, August 14, 2002. 45 CFR 164.512.
9. HIPAA Privacy Law: Standards for Privacy of Individually Identifiable Health Information. U.S. Department of Health and Human Services, Office for Civil Rights. (45 CFR Parts 160 and 164) Federal Register, August 14, 2002. 45 CFR 164.520.
10. HIPAA Privacy Law: Standards for Privacy of Individually Identifiable Health Information. U.S. Department of Health and Human Services, Office for Civil Rights. (45 CFR Parts 160 and 164) Federal Register, August 14, 2002. 45 CFR 164.520(c)(3)(i).
11. HIPAA Privacy Law: Standards for Privacy of Individually Identifiable Health Information. U.S. Department of Health and Human Services, Office for Civil Rights. (45 CFR Parts 160 and 164) Federal Register, August 14, 2002. 45 CFR 164.524(a)(1)(i).
12. HIPAA Privacy Law: Standards for Privacy of Individually Identifiable Health Information. U.S. Department of Health and Human Services, Office for Civil Rights. (45 CFR Parts 160 and 164) Federal Register, August 14, 2002. 45 CFR 164.524(b)(2).
13. HIPAA Privacy Law: Standards for Privacy of Individually Identifiable Health Information. U.S. Department of Health and Human Services, Office for Civil Rights. (45 CFR Parts 160 and 164) Federal Register, August 14, 2002. 45 CFR 164.526(b)(2).
14. HIPAA Privacy Law: Standards for Privacy of Individually Identifiable Health Information. U.S. Department of Health and Human Services, Office for Civil Rights. (45 CFR Parts 160 and 164) Federal Register, August 14, 2002. 45 CFR 164.530(a)(1).
15. HIPAA Privacy Law: Standards for Privacy of Individually Identifiable Health Information. U.S. Department of Health and Human Services, Office for Civil Rights. (45 CFR Parts 160 and 164) Federal Register, August 14, 2002. 45 CFR 164.530(2)(b)(1) & (C)(ii).
16. HIPAA Privacy Law: Standards for Privacy of Individually Identifiable Health Information. U.S. Department of Health and Human Services, Office for Civil Rights. (45 CFR Parts 160 and 164) Federal Register, August 14, 2002. 45 CFR 164.530(d)(1).
17. HIPAA Privacy Law: Standards for Privacy of Individually Identifiable Health Information. U.S. Department of Health and Human Services, Office for Civil Rights. (45 CFR Parts 160 and 164) Federal Register, August 14, 2002. 45 CFR 164.530(e)(1).
18. HIPAA Privacy Law: Standards for Privacy of Individually Identifiable Health Information. U.S. Department of Health and Human Services, Office for Civil Rights. (45 CFR Parts 160 and 164) Federal Register, August 14, 2002. 45 CFR 164.530(j)(2).
19. HIPAA Security Law: Health Insurance Reform: Security Standards Final Rule. U.S. Department of Health and Human Services, Office of the Secretary. (45 CFR Parts 160, 162, and 164) Federal Register, February 20, 2003. 45 CFR 164.306(d).
20. HIPAA Security Law: Health Insurance Reform: Security Standards Final Rule. U.S. Department of Health and Human Services, Office of the Secretary. (45 CFR Parts 160, 162, and 164) Federal Register, February 20, 2003. 45 CFR 164.308(2).
21. HIPAA Security Law: Health Insurance Reform: Security Standards Final Rule. U.S. Department of Health and Human Services, Office of the Secretary. (45 CFR Parts 160, 162, and 164) Federal Register, February 20, 2003. 45 CFR 164.308(1).
22. HIPAA Security Law: Health Insurance Reform: Security Standards Final Rule. U.S. Department of Health and Human Services, Office of the Secretary. (45 CFR Parts 160, 162, and 164) Federal Register, February 20, 2003. 45 CFR 164.308(1)(ii)(C).
23. Jail Terms for HIPAA Violations by Employees. HIPAA Journal, March 22, 2018. https://www.hipaajournal.com/jail-terms-for-hipaa-violations-by-employees/. Accessed October 30, 2019.
24. HIPAA Security Law: Health Insurance Reform: Security Standards Final Rule. U.S. Department of Health and Human Services, Office of the Secretary. (45 CFR Parts 160, 162, and 164) Federal Register, February 20, 2003. 45 CFR 164.308(5)(i).
25. HIPAA Security Law: Health Insurance Reform: Security Standards Final Rule. U.S. Department of Health and Human Services, Office of the Secretary. (45 CFR Parts 160, 162, and 164) Federal Register, February 20, 2003. 45 CFR 164.308(5)(ii)(A).
26. HIPAA Security Law: Health Insurance Reform: Security Standards Final Rule. U.S. Department of Health and Human Services, Office of the Secretary. (45 CFR Parts 160, 162, and 164) Federal Register, February 20, 2003. 45 CFR 164.308(7)(i).
27. HIPAA Security Law: Health Insurance Reform: Security Standards Final Rule. U.S. Department of Health and Human Services, Office of the Secretary. (45 CFR Parts 160, 162, and 164) Federal Register, February 20, 2003. 45 CFR 164.308(7)(A-C).
28. HIPAA Security Law: Health Insurance Reform: Security Standards Final Rule. U.S. Department of Health and Human Services, Office of the Secretary. (45 CFR Parts 160, 162, and 164) Federal Register, February 20, 2003. 45 CFR 164.308.8(b)(1).
29. HIPAA Security Law: Health Insurance Reform: Security Standards Final Rule. U.S. Department of Health and Human Services, Office of the Secretary. (45 CFR Parts 160, 162, and 164) Federal Register, February 20, 2003. 45 CFR 164.310.
30. Ouellette, Patrick. Thieves Steal Laptop with PHI from California Internist. Health IT Security, September 9, 2013. https://healthitsecurity.com/news/thieves-steal-laptop-with-phi-from-california-internist. Accessed November 5, 2019.
31. HIPAA Security Law: Health Insurance Reform: Security Standards Final Rule. U.S. Department of Health and Human Services, Office of the Secretary. (45 CFR Parts 160, 162, and 164) Federal Register, February 20, 2003. 45 CFR 164.312(a)(1).
32. HIPAA Security Law: Health Insurance Reform: Security Standards Final Rule. U.S. Department of Health and Human Services, Office of the Secretary. (45 CFR Parts 160, 162, and 164) Federal Register, February 20, 2003. 45 CFR 164.312(2)(i).
33. HIPAA Security Law: Health Insurance Reform: Security Standards Final Rule. U.S. Department of Health and Human Services, Office of the Secretary. (45 CFR Parts 160, 162, and 164) Federal Register, February 20, 2003. 45 CFR 164.312(2)(iii) & (iv).
34. HITECH: Breach Notification for Unsecured PHI: Interim Final Rule. U.S. Department of Health and Human Services. (45 CFR Parts 160 and 164) Federal Register, August 24, 2009. 45 CFR 164.404(a) & (b).
35. HITECH: Breach Notification for Unsecured PHI: Interim Final Rule. U.S. Department of Health and Human Services. (45 CFR Parts 160 and 164) Federal Register, August 24, 2009. 45 CFR 164.406.
36. HITECH: Breach Notification for Unsecured PHI: Interim Final Rule. U.S. Department of Health and Human Services. (45 CFR Parts 160 and 164) Federal Register, August 24, 2009. 45 CFR 164.410.
37. Omnibus Final Rule. U.S. Department of Health and Human Services, Office of the Secretary. (45 CFR Parts 160 and 164) Federal Register, January 25, 2013. 45 CFR 164.522.
38. Omnibus Final Rule. U.S. Department of Health and Human Services, Office of the Secretary. (45 CFR Parts 160 and 164) Federal Register, January 25, 2013. 45 CFR 164.508.
39. Omnibus Final Rule. U.S. Department of Health and Human Services, Office of the Secretary. (45 CFR Parts 160 and 164) Federal Register, January 25, 2013. 45 CFR 164.514.
40. Omnibus Final Rule. U.S. Department of Health and Human Services, Office of the Secretary. (45 CFR Parts 160 and 164) Federal Register, January 25, 2013. 45 CFR 160.404.
41. Omnibus Final Rule. U.S. Department of Health and Human Services, Office of the Secretary. (45 CFR Parts 160 and 164) Federal Register, January 25, 2013. 45 CFR 160.408.
42. Omnibus Final Rule. U.S. Department of Health and Human Services, Office of the Secretary. (45 CFR Parts 160 and 164) Federal Register, January 25, 2013. 45 CFR 164.308.
Appendix: Answers to Review Questions

1. Per the HIPAA Privacy Rule, discuss what is meant by "minimum necessary."
Minimum necessary pertains to sharing only the least amount of patient health information with those people who have a need to know. This is based on the person's role and the PHI needed for them to complete their role tasks.

2. What is a business associate?
This is a person or entity external to the covered entity that, in its business dealings with the covered entity, will encounter patient health information. There must be a signed business associate agreement between the two parties.

3. Who receives the Notice of Privacy Practices and why?
Patients receive one upon their first visit to a provider and whenever the Notice changes. The Notice specifies the patient's rights in regard to PHI and how their PHI is used.

4. Name the three areas of HIPAA Security and how adherence can be achieved in this situation.
Technical security, administrative security, and physical security.

5. Name three items that must be done to become a HIPAA-covered entity.
(a) Designate a person to manage HIPAA.
(b) Develop policies and forms based on the HIPAA law.
(c) Ensure that business associate agreements are in place.

6. What was the effect of social media in this situation?
Social media created a HIPAA violation: once information is out via a social media site, it cannot be taken back and can be spread further.
Copyright information
© 2022 Springer Nature Switzerland AG

Cite this chapter
Kiel, J.M. (2022). Data Privacy and Security in the US: HIPAA, HITECH and Beyond. In: Hübner, U.H., Mustata Wilson, G., Morawski, T.S., Ball, M.J. (eds) Nursing Informatics. Health Informatics. Springer, Cham. https://doi.org/10.1007/978-3-030-91237-6_28
DOI: https://doi.org/10.1007/978-3-030-91237-6_28
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-91236-9
Online ISBN: 978-3-030-91237-6