HIPAA in the Workplace

1. What is HIPAA
8 Topics
Covered Entities & Business Associates
Chain of trust
Business Associates Case Study
Chain of Trust Case Study
HIPAA Rules
HIPAA Rules – Privacy Rule
HIPAA Rules – Security Rule
HIPAA Facts
2. Minimum Use Requirement
3. What Information Is protected Under HIPAA Law
3 Topics | 1 Quiz
What is Considered PHI Under HIPAA Rules?
When is PHI not PHI
How Must HIPAA Protected Health Information be Safeguarded?
Quiz 1
4. Becoming HIPAA Compliant
1 Topic
More on HIPAA Compliance
5. Duties of a HIPAA Compliance Officer
6. Maintaining HIPAA Confidentiality When Communicating with Others
4 Topics
HIPAA Social Media Rules
Is Texting in Violation of HIPAA?
The Technical Safeguards of the HIPAA Security Rule
Resolve Texting Issues with a Secure Messaging Solution
7. Can You Share Protected Health Information?
4 Topics | 1 Quiz
a. Permitted Uses and Disclosures
b. Permitted Uses and Disclosures..
c. Permitted Uses and Disclosures…
d. Permitted Uses and Disclosures….
Quiz 2
8. The Most Common HIPAA Violations You Should Be Aware Of
6 Topics
What Constitutes a HIPAA Violation?
How are HIPAA Violations Discovered?
a. 10 Most Common HIPAA Violations
b. 10 Most Common Violations
c. 10 Most Common Violations
d. 10 Most Common Violations
9. HIPAA Violations by Employees
1 Topic
Common HIPAA Violations by Employees
10. How Should You Respond to An Accidental HIPAA Violation
11. What are the Penalties for HIPAA Violations?
2 Topics | 1 Quiz
HIPAA Penalty Structure
HIPAA Penalties
Quiz 3 HIPAA
Previous Lesson
Next Topic

What Constitutes a HIPAA Violation?

HIPAA in the Workplace 8. The Most Common HIPAA Violations You Should Be Aware Of What Constitutes a HIPAA Violation?

A HIPAA violation is when a HIPAA covered entity – or a business associate fails to comply with one or more of the provisions of the HIPAA Privacy, Security, or Breach Notification Rules.


A violation may be deliberate or unintentional. An example of an unintentional HIPAA violation is when too much PHI is disclosed and the minimum necessary information standard is violated. When PHI is disclosed, it must be limited to the minimum necessary information to achieve the purpose for which it is disclosed. Financial penalties for HIPAA violations can be issued for unintentional HIPAA violations, although the penalties will be at a lower rate to willful violations of HIPAA Rules.

An example of a deliberate violation is unnecessarily delaying the issuing of breach notification letters to patients and exceeding the maximum time frame of 60 days following the discovery of a breach to issue notifications – A violation of the HIPAA Breach Notification Rule.
Many HIPAA violations are the result of negligence, such as the failure to perform an organization-wide risk assessment. Financial penalties for HIPAA violations have frequently been issued for risk assessment failures.
Penalties for HIPAA violations can potentially be issued for all HIPAA violations, although OCR typically resolves most cases through voluntary compliance, issuing technical guidance, or accepting a covered entity or business associate’s plan to address the violations and change policies and procedures to prevent future violations from occurring. Financial penalties for HIPAA violations are reserved for the most serious violations of HIPAA Rules.

Avoiding HIPAA Violations 6:56
Previous Lesson
Back to Lesson
Next Topic