HIPAA home page | Guidance (FAQ) | Working@Yale article

Can You Keep A Secret?
HIPAA Privacy and You

HIPAA enforcement

Most everyone likes to complain now and then and complaints regarding HIPAA are no exception. HIPAA provides for complaints to be submitted either to a covered entity such as Yale's Privacy Office or directly to the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services. Complaints which indicate intentional violation of the law may then lead to civil or criminal penalties. So, what's the status of HIPAA enforcement?

How many complaints have been filed with OCR?
As of July 2004, over 7,577 complaints had been filed with OCR since HIPAA came into effect in April 2003. Roughly 57% of these cases have been closed by OCR. OCR has referred 108 complaints to the Department of Justice for involving knowing violation of HIPAA.

What are the frequent complaints?
The most frequent complaints involve (1) using or disclosing information improperly (2) lack of adequate safeguards (3) refusing to provide the individual with access to their records (4) disclosing more than the minimum necessary information and (5) not obtaining a HIPAA authorization when it was needed.

What complaints have been closed?
Complaints regarding events that occurred prior to the effective date of HIPAA or which do not involve a HIPAA covered entity are dismissed by OCR. Other cases which have been closed are those in which the covered entity has worked with OCR voluntarily to correct the problem.

Has anyone been charged with a HIPAA violation?
In August, the first guilty plea was entered on a HIPAA charge in Seattle. In this case, an employee of a cancer center was able to access patient information which was then used to obtain credit cards in the patient's name. The defendant charged more than $9,000 worth of goods prior to being apprehended.

What are the penalties for violating HIPAA?
In the case described above, the maximum penalty could have been up to ten years in jail and a fine of $250,000. These figures are for the HIPAA charges alone and do not reflect penalties which could be imposed for credit card fraud or any other activities in this case.

For more information on how to comply with HIPAA and avoid complaints, visit the HIPAA web site at http://www.hipaa.yale.edu/ . You may also contact the Privacy Office at 436-3650, hipaa@yale.edu

 

 

Top of page.
     
Yale University.  
HIPAA at Yale Home.