There have been almost 7,100 patient and employee complaints of HIPAA violations in the past five years, which have forced organizations to change their operations and pay substantial fines, according to an analysis by Health Information Privacy/Security Alert.
Health Information Privacy/Security Alert reviewed HHS Office for Civil Rights reports and enforcement actions from Jan. 1, 2013, through Dec. 31, 2017 for its analysis.
Here are five things to know.
1. Approximately 3,467 complaints were filed with OCR in 2013 that resulted in organizational changes.
2. In 2014,1,288 complaints were reported, followed by 733 in 2015, 727 in 2016 and 863 in 2017.
3. Six resolution agreements were made, resulting in thousands of dollars of fines for various organizations.
4. No included in the Health Information Privacy/Security Alert analysis were the tens of thousands of actions taken to address Health Information Technology for Economic and Clinical Health Act breach reporting.
5. "Patient complaints under HIPAA matter and have resulted in serious fines," said Dennis Melamed, editor and publisher of Health Information Privacy/Security Alert. "About a dozen resolution agreements in the last five years originated with complaints and resulted in meaningful fines."
More articles on cybersecurity:
Oak Hill Hospital sends patient 256 pages of a stranger's medical records
The Oregon Clinic notifies patients to PHI breach following compromised email account
OIG finds holes in military's EHR security, facilities could be fined up to $1.5M