Employer Hipaa Violations

Equal Employment Opportunity Commission. Those who violate HIPAA may face fines from 100-250000 per offense with an annual cap at 15 million andor a 1-10 year prison sentence.

Hipaa Violation Breach Fines List Of Hipaa Violations

Employer HIPAA Violations and COVID-19 Testing.

Employer hipaa violations. Employers also should notify employees that viola-tions of the social media policy may result in discipline up to and including discharge to the extent permitted by applicable law. A California medical center fi red 13 employees for improperly accessing the confi dential medical records of pop star Britney Spears. Breach definitions and their recommended disciplinary action should exist within your policy manual.

The privacy provisions of HIPAA apply to healthcare providers health insurance companies and employers. HIPAA and ADA. 160103 and 164512b1v and OCRs Frequently Asked Questions.

HIPAA violations and enforcement are not ex-actly what one expects to see when they open up a celebrity gossip magazine or the sports section of the newspaper. When discovered these violations usually result in termination of employment but could also result in criminal charges for the employee concerned. A HIPAA violation in the workplace refers to a situation where an employees health information has fallen into the wrong hands whether willfully or inadvertently without his consent.

There are three levels of a breach that weve defined each of which has its own employee penalty. In addition to the employer imposed HIPAA sanctions there are civil and criminal penalties associated with violating HIPAA law. This type of HIPAA violation in the workplace is unacceptable.

Employers are obligated the same way. HIPAA requires the health facilities and agencies to keep this information secure. If the employer failed to safeguard their employees PHI this would be an employer HIPAA violation.

Basically for you to stay free of workplace HIPAA violations you need to guard PHI properly. HIPAA contains a general compliance provision applicable to. The Equal Employment Opportunity Commission EEOC released guidance on employee testing stating that testing must be consistent with business necessity.

Additionally employers must have HIPAA privacy laws displayed as well as state specific ones and must notify employees of their specific privacy policies for the company. What HIPAA Violations Are Reportable. HIPAA does not prevent an employer from announcing the birth of a child to the parents workplace colleagues but it will likely apply if an employer administers a self-insured health plan or acts as an intermediary in a high-deductible consumer-directed health plan.

Employees talking about patients to coworkers or friends is a HIPAA violation that can land you in a world of hurt. The policy should be re-viewed revised as necessary and regularly disseminated to employees to insure they are aware of employer expecta-tions. It means if you suspect your employer has shared your health information with other employees or colleagues you will only be able to claim a HIPAA violation if your employer is a health plan a health care clearinghouse or a health care provider.

An employer HIPAA violation occurs when the employer retaliates against an individual who has made a complaint using the employers complaint process. HIPAA violations occur intentionally or unintentionally. And while all possible HIPAA violations should be considered potential threats to your medical practice some are more common than others.

Small employer is one that employs an aver-age of two to 50 employees during the prior calendar year and at least two employees on the first day of the plan year. They do not apply to violations of. Companies still unsure about how HIPAA applies to Employers should seek professional advice relevant to their specific.

Either way they are unlawful and can result in significant penalties. Also employees should only discuss patient information in private places and only with other medical personnel. With HIPAA violation fines reaching up to 50000 per occurrence and a maximum annual penalty of 15 million per violation its important for medical practices to ensure they are HIPAA compliant at all times.

A few recent high-profi le violations howev- er have brought HIPAA issues into the public eye. Employees cant share patient information with friends family members third-party vendors or organizations. If your employer is not self-insured does not provide health care facilities for employees or does not act as.

Employee discipline for a HIPAA violation depends on the type of breach that occurred. PHI refers to a patients personal data. Generally the Privacy Rule applies to the disclosures made by your health care provider not the questions your employer may ask.

Snooping on healthcare records of family friends neighbors co-workers and celebrities is one of the most common HIPAA violations committed by employees. Financial penalties for healthcare organizations that have failed to prevent snooping are. For employer issues contact.

The excise tax and Form 8928 apply to the various HIPAA mandates for group see box. There are additional HIPAA laws in the workplace. Employers must also have a defined policy and process related to the notification and investigation.

They exist to protect the rights of individuals to limit access to their PHI. What does this mean for employees.

Hipaa Violation Cases

This hefty fine was due to the extent of HIPAA violations alone with the scale of its 2015 data breach. Impermissible Uses and Disclosures.

What Is A Hipaa Violation Fines And Penalties For Violations Ekran System

While there is no private right of action under HIPAA a HIPAA violation lawsuit could potentially be filed following a landmark ruling by the Supreme Court in.

Hipaa violation cases. HIPAA requires that healthcare organizations report any data breaches involving more than 500 patient records. A New Jersey psychologist faced allegations of HIPAA violations in 2017 after the practices billing manager sent copies of patients bills including codes that could reveal diagnoses and treatments to a collections agency. Fail to encrypt devices Are hacked Access data for which theyre unauthorized Leak PHI or other confidential information Lose company devices Improperly.

HIPAA Violation Case Settled Between Ambulance Company OCR for 65000 The Department of Health and Human Services Office for Civil Rights OCR has revealed a 65000 HIPAA violation settlement has been agreed with West Georgia Ambulance Inc to address multiple breaches of Health Insurance Portability and Accountability Act Rules. HIPAA Violation Cases Arent Worth the Fines and Lawsuits. While HIPAA laws and policies have been around for a while violations still occur.

For instance sharing more patient information than necessary to process claims with a health insurance provider may constitute a HIPAA violation. Former Employee of Mosaic Life Care Medical Center Takes Legal Action over Dismissal. You have 180 days to submit the claim from the day the situation occurs.

Dont let HIPAA violations cost your medical practice lawsuits. HIPAA violations most commonly occur when a medical center hospital or other health-related organization and its business employees and vendors. OCRs investigation determined that a flaw in the health plans computer system put the protected health information of approximately 2000 families at risk of disclosure in violation of the Rule.

Conditioning Compliance with the Privacy Rule. Two lawsuits have recently been filed in relation to alleged breaches of Health Insurance Portability and Accountability Act HIPAA Rules one by a former hospital employee and another by a patient whose privacy was allegedly violated by a CVS pharmacy employee. According to the HHS web portal there have been 205 such breaches so.

Meier was arraigned in Gates Town Court on Tuesday February 11 2019 on 215 felony counts of computer trespass and 215 counts of misdemeanor unauthorized use of a computer. Ciaccia reported the criminal HIPAA violations to the police and an investigation was launched. In fact in 2018 the largest HIPAA settlement to date happened.

The pediatric ICUER nurse worked at Texas Childrens Hospital and posted a series of comments on Facebook about a rare case of measles at the. Following simple security and safety measures for confidential information should be common-sense but to otherssometimes it can slip the mind. Disclosures to Avert a Serious Threat to Health or Safety.

One of the most common HIPAA violations is a result of lost company devices. In October 2018 Anthem Inc settled a HIPAA violation case for 16 million dollars. A nurse at a Texas childrens hospital has been fired for violating Health Insurance Portability and Accountability Act HIPAA Rules by posting protected health information on a social media website.

Being HIPAA compliant is a very serious topic in the United States healthcare community. Among the corrective actions required to resolve this case OCR required the insurer to correct the flaw in its computer system review all transactions for a six month period and correct all corrupted patient. The device was not password-protected and the personal information of over 20000 patients wasnt encrypted.

Premera Blue Cross paid 6850000 for failing to perform a comprehensive risk analysis failing to reduce risks to the integrity confidentiality and availability of ePHI to a realistic and proper level and not having enough hardware and software controls. If the HIPAA violation includes a criminal offense you should bring the case to the Department of Justice DOJ. In 2017 Lifespan mentioned in a news release that someone broke into an employee vehicle and stole their work laptop.

You need to name the person or hospital who violated HIPAA and give their accurate contact information for the complaint to be valid. Case Examples Organized by Issue. There have been several cases where a HIPAA violation lawsuit has been filed only for the case to be thrown out to to a lack of standing.

In the HIPAA violation cases listed below OCR identified several HIPAA rule violations.

Ahima Hipaa Certification

Certified in Healthcare Privacy and Security CHPS AHIMAs popular Privacy and Security certification that documents HIPAA and Information Security expertise. JOURNAL of AHIMAthe official publication of the American Health Information Management Associationdelivers best practices in health information management and keeps readers current on emerging issues that affect the accuracy timeliness privacy and security of.

Certifications Overview Ahima

Certification to any of the organizations standards requires passing an initial exam followed by ongoing continuing education training credits which can be obtained through remote study.

Ahima hipaa certification. Part 1 exempts PHI while Part 2 exempts providers under certain circumstances. There is no standard uniform state privacy law in. If you choose to continue your journey you can apply academic transfer credits toward a certificate or undergraduate.

CT we will perform scheduled maintenance and this page will be unavailable. Were pleased to share some changes to the certification process that international candidates should find beneficial. An awardee will be selected and receive the award at the Virtual AOE21 Symposium taking place July 2628.

Confusion occurs when state laws are mixed into the process. These five changes are effective May 1 2020. In this case if a hospital elected to establish its own privacy.

And to meet the security and privacy rules requirements for ongoing assessment of the organizations compliance. Merchandise Branded AHIMA Merchandise On Saturday February 2 beginning at 11 pm. A final resource for record retention guidelines is AHIMAs recommendation for retention.

1 To establish that health information technology meets applicable standards and implementation specifications adopted by the Secretary. Through recertification AHIMA-certified individuals demonstrate their continued competency and current qualifications in todays changing and challenging healthcare environment. However even if the possibility of a HIPAA audit is slight covered entities and business associates should assess their compliance with the privacy and security rules for two reasons.

Part 2 of the CCPA HIPAA exemption California Civil Code 1798145c1B. In an industry that values education and experience AHIMA credentials are proof of a robust education and an ongoing commitment to staying relevant in a complex and evolving space. HIPAA breaches can also be reported to the workforce members professional licensing or certification board and ethics committees.

After successfully completing the Medical Coding and Reimbursement online courses you will earn the AHIMA Medical Coding and Reimbursement Micro-credential and receive a certificate of completion from AHIMA. If you are committed to ensuring privacy and security programs adhere to compliance and regulatory requirements from creation to implementation review AHIMAs privacy and security product offerings including our Certified in. In addition organizations with special patient.

AHIMA certifications are maintained through a required recertification process. Or 2 that are used to test and certify that health information technology includes required capabilities. Standards and implementation specifications within HIPAA.

The courses are entirely web-based. Reports to licensing boards become public records and are often the basis for future employment background checks. The American Health Information Management Association 233 N Michigan Avenue 21st Floor Chicago IL 60601.

Step 21 Register Online. A covered entity governed by the HIPAA privacy security and breach notification rules is exempt from the CCPA to the extent the covered entity properly safeguards PHI under HIPAA. The rule attempts to balance the need for prompt and informed delivery of healthcare services with that of protecting the individual.

JOURNAL of AHIMAthe official publication of the American Health Information Management Associationdelivers best practices in health information management and keeps readers current on emerging issues that affect the accuracy timeliness privacy and security of. The Health Insurance Portability and Accountability Act HIPAA and Privacy Act training is required of all Defense Health Agency DHA civilian military and contractor personnel. Certificate of Attendance Data Use - Methods for De-Identification of PHI Under HIPAA.

AHIMA Record Retention Recommendation. April 26 2016 _____ Name _____ AHIMA ID Number. Please keep in mind that eligibility requirements.

The mandatory HIPAA and Privacy Act training course must be completed within 30 days of on-boarding and annually thereafter. Nominations are open through May 31 for the AHIMA Council for Excellence in Education CEE Making Dreams Come True award to recognize a health information educator who has made a difference in students lives. The HIPAA privacy rule contains specific requirements for the management of health information to ensure confidentiality of the individual.

Earning an AHIMA credential earns you a spot in a strong community of reliable support and valuable connections. Please reference your inbox or AHIMAs Facebook page for more information. Professional organizations such as AHIMA certifies its members and has in place a code of ethics setting forth ethical.

Recertification ensures that certified professionals stay up to date in the constantly evolving HIM field. The American Health Information Management Association AHIMA offers a range of different certifications for health information management professionals. Join the AHIMA Network.

To avoid civil monetary penalties lawsuits bad publicity and other harm resulting from a privacy or security breach. These are following steps for registering the AHIMA RHIA Practice Exam Questions. Appendix C outlines AHIMAs recommendations for minimum record retention time periods in the absence of any federal state or accreditation requirements.

Apgar contends that HIPAA has in the past and continues to protect only the privacy of patients not necessarily the rights of a patients family and friends. Continuing Education Audio SeminarWebinar presented on. HIPAA does define certain circumstances when PHI may be used and disclosed to others but it vests no rights to that information with friends or family.

A covered entity may qualify for the CCPA HIPAA exemption under part 2.

Amazon Aws Hipaa

When it comes to HIPAA hosting companies you have more choices than ever. Amazon SES is now a HIPAA Eligible Service.

Aws Architekturerstellung Fur Hipaa

It offers computing power database storage content delivery and other functionality to help businesses scale and grow.

Amazon aws hipaa. We will focus on the HIPAA Privacy and Security Rules for protecting Protected Health Information PHI how to use AWS to encrypt data in transit and at-rest and how AWS. If you dont have a BAA in place with AWS or if you have. A growing number of businesses and individuals everyone from health care providers to IT professionals are using Amazon Web Services AWS HIPAA compliant services to protect their clients information in accordance with the US.

Health Insurance Portability and Accountability Act HIPAA. Durch die Kombination Governance-zentrierter auf einfache Prüfung ausgelegter Servicefunktionen mit den geltenden Compliance- oder Prüfungsstandards bauen die AWS. So is AWS HIPAA compliant.

Sign Up for a Free Account Experience AWS Secure Reliable Scalable Services. One of those organizations is Amazon. You must process store and transmit protected health information PHI using only HIPAA Eligible Services as defined in the AWS BAA.

Pricing for dedicated instances has come down a lot since the very beginning. Diese Anforderung wurde jedoch entfernt. If youre new to AWS or to configuring architectures for HIPAA workloads on AWS please read the overview and follow the detailed pre-deployment and deployment steps described in this guide.

Anzeige Build Deploy and Manage Websites Apps or Processes On AWS Secure Reliable Network. Many hosting providers are HIPAA Compliant and provide a level of security for hosted information in the cloud. Amazon Will Sign a Business Associate Agreement for AWS.

The purpose of this post is to determine if Amazon Web Services AWS offers HIPAA compliance or not. If you want to take a look under the covers you can view the main template that automates this deployment. You also need to confirm that your AWS account is set up correctly by checking service limits and SSH key pairs and setting up AWS Config.

Is Google Cloud HIPAA Compliant. Anzeige Build Deploy and Manage Websites Apps or Processes On AWS Secure Reliable Network. Amazon Web Services allows HIPAA-covered entities and vendors serving the healthcare industry to use its secure AWS environment to process maintain and store protected health information and has signed a business associate agreement with many HIPAA covered entities that covers its products and services.

AWS offers a commercial-off-the-shelf infrastructure platform with industry-recognized certifications and audits such as ISO 27001 FedRAMP and the Service Organization Control Reports SOC1 SOC2 and SOC3. Mai 2017 forderte das AWS HIPAA-Konformitätsprogramm dass Kunden die PHI mit Amazon EC2 verarbeitet haben dedizierte Instanzen oder dedizierte Hosts verwenden müssen. AWS HIPAA Compliance.

July 6 2018. This paper briefly outlines how customers can use Amazon Web Services AWS to run sensitive workloads regulated under the US. If you plan to include Protected Health Information as defined by HIPAA on AWS services you must first accept the AWS Business Associate Addendum AWS BAA.

Health Insurance Portability and Accountability Act HIPAA. Amazon supports HIPAA compliance and you can utilize its reliable services to create a cloud-based solution that will manage maintain and transfer confidential patient information. You can use AWS to run sensitive workloads regulated under the US.

To answer briefly AWS alone doesnt guarantee HIPAA compliance but it offers services that open the door for HIPAA compliance. Health Insurance Portability and Accountability Act of 1996 HIPAA. Provided by Amazon Web Services AWS to architect applications in alignment with HIPAA and HITECH compliance requirements.

Lets examine what this means. About Amazon Web Services AWS AWS is a secure cloud services platform. HIPAA eligibility applies to all AWS Regions where Amazon SES is available.

If you have a HIPAA Business Associate Addendum BAA in place with AWS you can now start using Amazon SES for your HIPAA eligible workloads. AWS can be HIPAA compliant but it is also easy to make configuration mistakes that will leave protected health information PHI unprotected and accessible by unauthorized individuals violating HIPAA Rules. They provide a cloud-based solution called Amazon Web Services or AWS.

Before you deploy the Quick Start with protected health information PHI you must accept the AWS Business Associate Addendum BAA and configure your AWS accounts as required by the BAA. Sign Up for a Free Account Experience AWS Secure Reliable Scalable Services. Das AWS-Compliance-Programm ermöglicht unseren Kunden sich mit den zuverlässigen Kontrollmöglichkeiten in AWS vertraut zu machen die der Sicherheit und Compliance in der Cloud dienen.

Customers may use any AWS service in their HIPAA Account for data that is not PHI So to get a BAA agreement from AWS youll need dedicated instances running in a VPC not the classic EC2.

Hipaa Data Breach

HHS Settles with Health Plan in Photocopier Breach Case HHSgov. Its not enough to try to be compliant.

Hipaa Violations Increase Costs For Anthem S Data Breach

Data or ransomware in conjunction with other malware that does so.

Hipaa data breach. Affinity disclosed the protected health information of 344579 individuals when it returned multiple photocopiers to a leasing agent without erasing the data. Similar breach notification provisions implemented and enforced by the Federal Trade Commission FTC apply to vendors of personal health. And in some cases the media of a breach of unsecured PHI.

Since 2011 over 21000000 health records have been compromised. Dental and orthodontic practices are well-known targets for hackers because of relaxed security practices that leave networks easy to exploit. Keep It Safe and Keep It Legal.

The number in four months. Premera Blue Cross was investigated over data breach in which the protected health information of 10466692 individuals was obtained by hackers. HIPAA data breaches affecting over 500 records are published by CMS.

Healthcare organizations should also be aware of the potential consequences of HIPAA data breaches. Health Insurer Pays 685 Million to Settle Data Breach Affecting Over 104 Million People - September 25 2020. Entities Reporting Healthcare Data Breaches in February 2021.

Data breaches were reported by HIPAA-covered entities or business associates in 48 states Washington DC and Puerto Rico. If OCR determines that HIPAA violations did. Dont risk a HIPAA breach of information leading to steep fines not to mention letting your patients down if their private information gets out.

During the investigation OCR discovered multiple potential violations of the HIPAA Security Rule. The HIPAA Breach Notification Rule 45 CFR 164400-414 requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information. It just shows how relentless hackers are and how much they want the data.

California was the second most badly hit with 42 reported data breaches. In the first four months of 2020 over 143 incidents have taken place according to the HIPAA Breach Reporting Tool. If you can prove that security measures were in place for protecting the PHI and that theres a low probability that the PHI was disclosed the HHS will not consider the incident as a reportable data breach.

When a HIPAA breach has been detected covered entities and their business associates are obliged by law to give notice of this breach. The Health Insurance Portability and Accountability Act HIPAA requires all healthcare data breaches to be reported to the HHS Office for Civil Rights. Here are seven examples of HIPAA breaches that are not considered reportable under HIPAA.

So if youve used computer software to encode information and are sure it is indecipherable youre in luck. Healthcare providers were the worst affected covered entity type in February with 35 breaches reported. Whether or not the presence of ransomware would be a breach under the HIPAA Rules is a fact-specific.

Generally a breach is an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of PHI. You can see theres a searchable database of breaches that have occurred how many records were affected and the type of breach. HIPAA Breach Notification Rule The HIPAA Breach Notification Rule requires covered entities to notify affected individuals.

In 2019 healthcare data breaches were reported at a rate of 14 per day - HIPAA Journal Healthcare Data Breach Statistics With the risk of breach being so high its imperative that both covered entities and business associates take the appropriate measures to identify and report breaches as early as possible. There were 5 breaches reported by health plans and 5 reported by business associates of. Can HIPAA compliance help covered entities and business associates prevent infections of.

HIPAA Business Associate Pays 23 Million to Settle Breach Affecting Protected Health Information of Over 6 million Individual - September 23 2020. The worst affected state was Texas with 60 data breaches reported. The vast majority of breaches are hardware breaches.

The majority if not almost all of the breaches seem to happen because of employee carelessness. HIPAA breaches include unauthorized access by employees as well as third parties improper disclosures the exposure of protected health information and ransomware attacks. A summary of breaches of 500 or more records is published by the HHS Office for Civil Rights.

Breaches Affecting 500 or More Individuals If a breach of unsecured protected health information affects 500 or more individuals a covered entity must notify the Secretary of the breach without unreasonable delay and in no case later than 60 calendar days from the discovery of the breach. Now that you know what is considered a breach of HIPAA it is your responsibility to keep your patients information secure. 7 PHI Breaches that are not reportable under HIPAA.

A breach is defined as the acquisition access use or disclosure of protected health information in a manner not permitted by HIPAA Rules. Fines for a data breach at your practice could range from 100 to 50000 per violationrecord. Remember thanks to the Omnibus Final Rule only unsecured information constitutes a breach.

Thankfully HIPAA rules and regulations provide guidelines to follow before during and even after data breaches.

How To Violate Hipaa

Dont post or. Workers in the health industry deal with a large amount of highly sensitive data.

10 Most Common Hipaa Violations And How To Prevent Them Mailmystatements

By having a comprehensive hiring process in place the chances of this kind of breach happening is low.

How to violate hipaa. When you partner with an expert like Credit Glory you simplify the dispute process. But what happens if HIPAA is violated and how. It would also be a HIPAA violation if PHI can be.

Usually reporting for a level 3 HIPAA violation also requires the involvement of legal counsel in order to protect your organization. Selfies taken at work and posted to social media accounts would violate HIPAA Rules if patients are included in the photograph if prior consent has not been obtained in writing. However employers should know that occasional accidents can happen.

Individuals can accidentally violate HIPAA without ever meaning to. Being sick or injured is scary enough but knowing that someone is holding your private information that you wouldnt want to get out is even worse. We are not professional actors or dancers and apologize for our recording device that sounds like the creature from.

Fortunately HIPAA allows you to request your medical records and bring them to a new provider. Here are 5 ways that companies violate HIPAA compliance and how to avoid them. But one of the most common is from employee gossip.

Such actions are far less likely when a violation has been discovered internally and corrected to prevent a recurrence. Department of Justice is the authority that handles all the breach fines and charges for violating HIPAA regulations. Even if youre always careful mistakes do happen.

But the risks are even higher when data loss results in fines and legal action in addition to lost productivity or downtime. And if someone else happened to record your doctors outburst and put it on TikTok thats not a. There are hundreds of ways that HIPAA Rules can be violated although the most common HIPAA violations are.

Letting any of this health information leave the workplace or the bubble of authorized individuals will cause a HIPAA breach. If an uncorrected HIPAA violation is discovered during an investigation of a complaint a data breach or HIPAA audit the HHS Office for Civil Rights may choose to pursue a financial settlement to resolve the violation. We made this video for a Nursing class.

There are so many ways that these breaches occur with leaked details about patients. Use caution when discussing or viewing confidential information on devices and use your workplace healthcare messaging platform instead of regular text messaging. Although a rare type of breach these happen.

You can dispute the record on your own but theres an easier way. If the HIPAA violation is minor it might be dealt with internally without serious consequences. As with any industry malware and hackers are a real concern for HIPAA-compliant companies.

Any violation can potentially result in discipline. Sending PHI via a public fax line or through unencrypted emails is an example of ways this type of HIPAA violation could occur. HIPAA violations can easily occur as a result of failing to properly secure or store medical records.

Thats what HIPAA is for it protects us from having our information spread without our consent and keeps us safe. Theyre unforeseeable but it comes down to who you hire. Fines for reasonable cause violations range from 100 to 50000.

Dont post patient information on a social media site even when the posting is done on your own private Facebook page. There are three main ways that HIPAA violations are discovered. You remove medical collections that violate HIPPA the same way you remove inaccurate items with a dispute.

Sharing login credentials or passwords leaving portable devices unattended and texting patient information are all easy ways to commit a HIPAA violation. They split the fines and charges into two categories. Failure to follow proper data security protocols for PHI is a serious breach of HIPAA regulations.

Investigations into a data breach by OCR or state attorneys general Investigations into complaints about covered entities and business associates HIPAA compliance audits. Reasonable cause and willful neglect. With HIPAA violation fines reaching up to 50000 per occurrence and a maximum annual penalty of 15 million per violation its important for medical practices to ensure they are HIPAA compliant at all times.

10 Ways You May Be Violating HIPAA Dont access records for a patient who is no longer under your care because you are concerned about what has happened to. And while all possible HIPAA violations should be considered potential threats to your medical practice some are more common than others. Impermissible disclosures of protected health information PHI Unauthorized accessing of PHI Improper disposal of PHI.