The 6 Most Common HIPAA Violations (and how to avoid them)

By: BJ Neller   /   August 26, 2017

Earlier this year, the Department of Health and Human Services (HHS) announced that St. Luke’s-Roosevelt Hospital Center Inc. (St. Luke’s) paid it $387,000 to settle violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Specifically, HHS accused an employee of the Spencer Cox Center of carelessly disclosing a patient’s protected health information (PHI). This is a no-no and goes against the main purpose of the act, which turned 21 years old this year. It illustrates how seriously the government takes the confidentiality of patient information. Violations of this law are a threat not only to patient medical information but also to the health providers who are charged with protecting PHI. Further proof of this fact is that HIPAA violation fines can typically reach up to $50,000 per occurrence, with a maximum annual penalty of $1.5 million per violation.


All of this is why we are serious about helping you remain compliant with this very important law by helping you with your confidential waste disposal. We also believe information helps. For this reason, we have compiled a list of common HIPAA violations and how to avoid them.


  • Keeping unsecured records: All employees handling PHI should be trained to secure this information. This means that physical documents should be kept in a locked desk, drawer or other location. Digital data should be encrypted to secure the safety of PHI.

  • Insider snooping: A person’s medical records are not to be accessed by family members, friends, etc. without that person’s permission.

  • Missing patient signature: All HIPAA forms must include the patient’s signature.

  • Releasing unauthorized health information: A patient may request that certain portions of their medical records be released and not others. Be sure that you have a patient’s authorization before releasing any medical information on that person.

  • Lack of employee training: All employees should be trained on HIPAA regulations and compliance. This is not only a good business practice, it is also a requirement of HIPAA law.

  • Releasing the wrong patient’s information: This often occurs when two patients have the same or similar name. Be sure that controls are put in place to prevent this common error or the result could be quite costly for your business.


As you can see, it is not difficult to run afoul of HIPAA. This is why you need experts who are familiar with all the rules of compliance governing this important law. We are familiar with HIPAA regulations and can help you do your part to comply. Our waste management in Orlando can help you meet your obligations to the public and protect PHI at the same time.