HIPAA is based on the concept of “Administrative Simplification,” or the pursuit of the most effective and efficient use of modern information technology. Handheld computers, the Internet, e-mail communication, and the use of personal computers enable users to store nearly limitless amounts of data, perform timely searches and reporting, and distribute large quantities of information to a wide audience in practically no time.
HIPAA seeks to utilize this modern technology to its greatest potential, working to provide common sense protections for the personal patient information reflected in the data. Healthcare providers, health plans, and clearinghouses are charged with the legal responsibility to comply with HIPAA.
The problem, however, is that HIPAA violations remain prominent in healthcare even today. From cyber-attacks, outdated documentation methods and audits, to unauthorized access to patient data, HIPAA breaches are nowhere near being “out of the picture”: 197,049 privacy rule complaints were filed in the past year alone.
Between 2009 and 2018, there were 2,546 healthcare data breaches involving more than 500 records each. In total, those breaches resulted in the theft or exposure of 189,945,874 healthcare records. That equates to more than 59% of the population of the United States, and breaches are now being reported at a rate of more than one per day. More than 59%! A percentage that large shows that a problem is still going undiagnosed in healthcare.
There has been a general upward trend in the number of records exposed each year, with a massive increase in 2015. 2015 was the worst year in history for breached healthcare records, with more than 113.27 million records exposed. 2012 was the best year, with just 2,808,042 healthcare records exposed. The situation improved after 2015, with successive falls in the number of exposed records, but that trend did not continue in 2018: the number of exposed records more than doubled year over year, from 5,138,179 records in 2017 to 13,236,569 records in 2018.
However, while 2018 was not a record-breaking year in terms of the number of financial penalties for HIPAA violations, it was a record-breaker in terms of the total penalty amounts paid. OCR received $28,683,400 in financial penalties in 2018, and the mean financial penalty was $2,607,582. We aren’t talking about a couple of thousand dollars: penalties in the millions of dollars are what come to healthcare providers who do not conform to HIPAA regulations.
On top of this, 2018 saw the largest ever HIPAA settlement agreed with OCR. In October 2018, Anthem Inc. settled its HIPAA violation case with OCR for $16,000,000. The size of the fine reflected the extent of the HIPAA violations discovered by OCR and the scale of Anthem’s 2015 data breach, in which the protected health information of around 78,800,000 plan members was stolen by hackers. (Below are the various types of HIPAA violations paired with their corresponding penalties.)