Physician Resources Home arrow Physician Practice arrow General Medical Practice arrow Itís Back: HIPAA Privacy and Security Enforcement
Itís Back: HIPAA Privacy and Security Enforcement
Written by Ardena L. Flippin, MD, MBA   
HIPAA investigations
HIPAA investigations by year.
Data from the HHS

The Health Insurance Portability and Accountability Act (HIPAA), federal regulations to protect medical privacy and give patients greater control over their personal health information, was implemented in April of 2003. There was lots of flurry and concern, and then it all seemed to die down because the enforcement and threats of prosecution for violations didn’t really happen in the numbers that were anticipated. 

Well, it seems as though the enforcement beast is rearing its ugly head again.

Discuss this article on the forums. (9 posts)


Since April 2003, there have been over 26,000 complaints filed alleging violations of HIPAA Privacy regulations (Health Law Alert, April 25, 2007). Of note is the fact that in that four-year period since 2003, only 350 complaints were passed onto the Department of Justice for criminal enforcement [and only] four criminal HIPAA violations were prosecuted in the United States (as of February 2007).

Below are the most common allegations reported to the Office of Civil Rights (OCR) as violations of HIPAA Privacy (from:

§ Permission to use or disclose protected health information was not obtained (personal medical details were wrongly revealed)

§ Information was poorly protected (adequate safeguards were not in place)

§ More details were disclosed than necessary (Minimum Necessary Rule)

§ Proper authorization was not obtained (when required)

§ Patients were frustrated getting their own records (access, copies denied).

What is also important to know is that there is a difference between HIPAA Privacy and HIPAA Security (HIPAA security is fundamentally the security of electronic claims and transactions). As the public has become more aware over the past three years, the number of HIPAA privacy investigations has been steadily increasing (

These are a few signs that there is increasing focus on the enforcement of HIPAA Security (from Health Law Alert, April 25, 2007):

§ Each year the Office of Inspector General (OIG) issues a Work Plan. The 2007 Work Plan cited reviews of HIPAA Privacy and Security implementation during fiscal year 2007.

§ The HIPAA Security standards may begin to play a role in identity theft litigation claims, and HIPAA Privacy may begin to be used as “standard of care” to prove negligence in privacy claims.

§ A hospital in Georgia is being audited for its Security Rule compliance (no one seems to know why), and the OIG let it be known that it will perform similar audits nationally.

§ According to attorney-author Monica Hocum, “The best defense is to have a comprehensive compliance program that is actively monitored andt enforced.”

There are three things to remember:

1. None of us knows everything about all aspects of HIPAA Privacy. Educate your front line people, educate yourself and get good opinions.

2. Patients will continue to file complaints (and civil suits), even if the agency is not enforcing regulations. Complaints take your time and the time of your staff to investigate and rectify.

3. The requirements for compliance with HIPAA Privacy and HIPAA Security regulations aren’t going away.


HIPAA: Enforcement and Other Legal Risks. Health Law Alert, April 25, 2007.

HIPAA Apparently Lacks Teeth – But Does It Really Matter? (

Compliance and Enforcement Numbers at a Glance. United States Department of Health and Human Services.

Dr. Ardena Flippin


About the Author

Dr. Flippin brings a wealth of experience, starting with her long tenure as an attending physician at the Cook County Hospital Emergency Department. She is currently Corporate Compliance and HIPAA Privacy Officer at major Chicago hospital.

Discuss this article on the forums. (9 posts) 
< Prev   Next >

Common Diseases

Swine Flu - Updates and information on H1N1 2009 (AKA Swine Influenza) pandemic.

Ankylosing spondylitis - Current protocols for diagnosis and treatment options.

Wegener granulomatosis - Autoimmune etiology and clinical course.

Diabetes - disease and management information, including diagnosis, typical treatment plans and diabetes supplies.


Medical Careers

The US medical jobs market has stayed hot for health care providers. Whether you believe that a provider shortage is in the offing or that the ratio of physicians-to-patients is too high, physician jobs and nursing jobs abound.

A wide variety of medical jobs can be found in the netdoc health care job listings. Particular strengths include permanent and locum tenens physician jobs, nursing jobs across the US, and radiology positions.

Other resources include physician salary information, medical career guidance, and the ability to post physician jobs.


When hiring your medical practice office manager, what was the most important consideration?
Copyright © 2005 - 2020 Medical Resource Group, LLC. All rights reserved.