Patient complaints regarding HIPAA violations have become more prominent over the last few years and the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is now taking even more action to address these issues. With increased HIPAA enforcement, OCR is urging more healthcare organizations and their vendors to change their privacy and security policies to decrease the amount of complaints.
HIPAA violations can occur when there is a breach of unsecured protected health information (PHI).PHI is any demographic information used to identify a patient such as names, addresses, phone numbers, Social Security numbers, and insurance ID numbers, to name a few. Some of the most common HIPAA violations result from data breaches, which can lead to costly HIPAA fines.
A recent report analyzed patient HIPAA complaint data from 2009 to 2018. The report found that 921 complaints requiring corrective actions were filed against healthcare entities in 2018, compared to 863 complaints in 2017, and 727 complaints in 2016.
The data demonstrates a new trend of increasing HIPAA complaints since 2016. This comes after a relatively low period that began in 2010 and lasted through 2015. The number of complaints reached its peak in 2010 after 2,709 total HIPAA complaints were filed against healthcare organizations for potential privacy and security breaches.
Many of the complaints resulted from the HITECH Act requirements to report breaches to OCR and notify patients; more patients would be filing complaints that fell within OCR’s health data privacy and security enforcement efforts.
However, the number of actionable complaints suddenly dropped in 2014. Although OCR’s change in approach to HIPAA complaints may have had something to do with it.
OCR began reporting on how often it intervened informally by providing technical assistance to healthcare organizations, contractors, and patients. Those healthcare organizations were not required to adopt a formal corrective action plan, but the agency would be alerted if other complaints were filed or violations were made against a specific organization they intervened with previously. At the end of 2014, OCR stated that it intervened in 7,883 cases. In 2018, the agency reported it had informally intervened in a total of 32,120 cases.
It is important to understand that these complaints and violations can be mitigated if an organization implements an effective compliance program that is tailored to your business. The strength and protection of a HIPAA compliance program is how you adapt it to meet the unique needs of your business to avoid the risk of HIPAA violations.
Compliancy Group’s all-in-one compliance web-based app, The Guard™ addresses every element of HIPAA compliance. Users are paired with an expert compliance coach to guide you through every step of your compliance program. We answer your questions and give you a compliance program that will meet the needs of your business.
Find out more how Compliancy Group can help protect your business today!