I just have to write what the case is about and explain how the HIPAA law was violated, how the violation impacted the patient(s), and how the incident could have been prevented. Patient Jones's doctor had ordered a CBC, electrolytes panel, PT, PTT, ABO/Rh and Rhogam if indicated. Our firm does not represent patients or other individuals with regard to alleged HIPAA or other privacy law violations. (Image: iStock-BrianAJackson). As you can see from the HIPAA fines chart, the penalty structure for violations can act as a strong deterrent for healthcare organizations. (CSMF ¶ 92; Papa Dep. HIPAA Violations Highlight Risk of Poor Employee Judgement. Data security is becoming an increasingly important concern for healthcare organizations. The disclosures of Jenna's care had not been done maliciously, criminally or even consciously. However, discussing information (even medical information) that a coworker shared does not violate HIPAA violation as long as you didn't use your position to obtain the information. Home › Blog › Everyday HIPAA Violations You Might Be Making Over the past 10 years of visiting clinics and hospitals, for business or personal reasons, it's hard for our consultants not to observe HIPAA compliance; and most of the time they're surprised at what they see. This can be purposeful or accidental. HIPAA Program Office Website. The minimum fine for a HIPAA violation starts at $100 and can grow as large as $1. Find descriptive alternatives for violation. You can find the full case study in the linked PDF.
Patient HIPAA Forms. Social media and the internet can become a big problem if others are publishing intimate aspects of your life without your permission. Data security is becoming an increasingly important concern for healthcare organizations. Some seem like innocent mistakes that just about anyone could make. Additionally, the patient may sue the violating physician and his/her affiliated parties for privacy violations. 3 million identified cases of medical identity theft, a 22 percent increase from the previous year. These cases have not only put a company at reputational risk. HIPAA violations are expensive. Kalina faces a potential maximum total sentence of 11 years in prison, a fine of $350,000, or both. The patient happened to also be an employee of the hospital. The following are examples of HIPAA violations:-Snooping, which involves reading information about a patient when you have no role in his or her care, is a HIPAA violation. A HIPAA violation is disclosure of a patient's private medical information without consent by a covered entity (e. Therefore, it’s recommended that all staff who deal with PHI be trained to understand the seriousness of HIPAA violations. And you’ll gain an understanding of the HIPAA/HITECH requirement and the current state of HIPAA compliance. You do have the right to report HIPAA violations to the Office of Civil Rights (OCR). That means that if a hospital wrongfully discloses your medical records in violation of HIPAA, you cannot file a “HIPAA suit” to recover damages for that violation. In legal terms, a HIPAA violation does not allow a "private right of action. Wouldn't it be great if there weren't hackers, lost devices were always returned intact, and employees followed the rules? Unfortunately, that is not the case.
How to report a HIPAA violation. And, frankly, no one else is as interested in us as we think that they are, so it's unlikely that anyone else around really paid any attention to the announcement once they realized it wasn't their name being called. We offer risk assessments, policies and procedures, risk management plans, security awareness & privacy training, vendor security evaluations, documentation reviews, facility security surveys, and much more. Data Breach that Costs You. What Harbaugh failed to see is that HIPAA often excludes employers. Allergy Associates of Hartford, P. Term Paper BCBST HIPAA Violation Case Analysis and 90,000+ more term papers written by professionals and your peers. Then, provide a case analysis on the HIPAA violation of patient health information (PHI) that was present in the case you selected. Here are the top five ways doctors violate HIPAA regulations without knowing it and steps they can take to decrease the occurrence of a HIPAA violation. purposes is a violation of the HIPAA privacy regulation. They were immediately fired for this access. This is a big deal because, prior to the lawsuit, it was unclear whether adhering to HIPAA could be considered a professional duty and whether failing to uphold HIPAA could be considered. You have 180 days from the day of the violation to mail, e-mail or fax a written complaint. Speak to our Philadelphia HIPAA violation lawyer from The Weitz Firm, LLC, to get a free case evaluation. Once in place, these agreements can ensure that both HIPAA and third-party violations do not occur, since the collection agency is ostensibly considered an extension of the hospital.
Wouldn't it be great if there weren't hackers, lost devices were always returned intact, and employees followed the rules? Unfortunately, that is not the case. In this post we'll cover everything you need to know to navigate HIPAA violations, all the way from what is a […] The Health Insurance Portability and Accountability Act (HIPAA) sets out the rules and regulations surrounding access to and disclosure of protected health. We interviewed the following experts to analyze what caused five high-profile HIPAA violations in the news, how each one could have been avoided and why you should act now to protect yourself from ending up in a similar situation. If a nurse breaches HIPAA, a patient cannot sue the nurse directly for a HIPAA breach. The health care organization fired Gloria Terrell for illicitly accessing the personal information of a coworker. As a result, an employee breach of the implied contract in the form of policy violation, might constitute good cause for the employer to fire the employee. Back to link 15. A data breach becomes a HIPAA violation when the breach is the result of an ineffective, incomplete or outdated HIPAA compliance program or a direct violation of an organization’s HIPAA policies. Below, you'll find a collection of HIPAA Security Risk Analysis case studies. You can find the full case study in the linked PDF. Numerous HIPAA violations have taken place when healthcare practitioners accessed records of relatives, friends or in at least one case, an ex-husband, in order to get information. The company defended itself by arguing that it should not be liable for the violation of a policy when the employee was aware that she was violating. It also clarifies that HIPAA generally overrides state laws where they are contrary to HIPAA. 502(g)(5), and 164. One type of HIPAA violation is the release of information on the Internet. 10 largest HIPAA settlement fines Ky. So do many other privacy and data security laws, such as FERPA, the FTC Act, the Gramm-Leach-Bliley Act, among others. Some seem like innocent mistakes that just about anyone could make. Recent HIPAA violations cases reported by federal law enforcement include:. 5 million per year for violations of an identical provision.
We are not required to agree to the restrictions, except in the case where the disclosure is to a health plan for purposes of carrying out payment or health care operations, is not otherwise required by law, and the PHI pertains solely to a health care item or service for which you, or a person on your behalf, has paid in full. It may also be a violation of state law depending where the conversation occurred. 502(g)(5), and 164. For example "Whateverville EMS you are needed at 42 Main street for a 57 year old male having a possible heart attack. Knapp, an employee of ProMedica Bay Park Hospital in Ohio, accessed 596 medical records in a 10-month period. However, discussing information (even medical information) that a coworker shared does not violate HIPAA violation as long as you didn't use your position to obtain the information. Each case study outlines the unique challenges facing the organization and how the HIPAA One software tool can be utilized to achieve the needed result. How To Prepare for an Investigation of a HIPAA Violation (and Prevent the Next One) Written by: R. Penalties for HIPAA violations range in severity and can carry with them penalties ranging from $100 per violation to $1. If the individual commits the violation for personal gain (i. For example, a sonographer's co-worker may decide to look at a person's medical records without authorization. HIPAA violations result in fines per offense which range between $100 and $50,000. This means that business associates are subject to most of the same privacy and data security standards that apply to covered entities and may be subject to HHS audits and penalties. Anyone has the right to file a lawsuit but realize the basis is not on the HIPAA act itself. HIPAA regulations are the cornerstone of patient privacy, and it’s a home care agency’s obligation to follow them precisely. Violations may result in civil fines from $100 for a single violation up to a total of $1. 3 Case Study on HIPAA violation that leave a patient at risk for their information to be disclosed incidentally. They are all examples of HIPAA violations that led to a healthcare professional being reprimanded, fined, or fired. Let’s get one thing clear: HIPAA allows the disclosure of health information for treatment purposes. HIPAA Violation Criminal Penalty An Individual who knowingly obtains or discloses individually identifiable health information in violation of HIPAA regulations Up to $50,000 and up to one-year imprisonment If wrongful conduct involves false pretenses Criminal penalties increase to $100,000 and up to five years imprisonment If the wrongful.
With enforcement of the HIPAA Omnibus Rule beginning September 23, 2013, TPAs can be held accountable for civil and criminal penalties for failing to properly comply with requirements. Leaks about Prince's death might be HIPAA violations TMZ said that doctors gave Prince treatment "typically administered to counteract the effects of an opiate. Kentucky HIPAA Violation Case Ruling Held by Appeals Court. If you believe a HIPAA violation has occurred, you can file a complaint with the Office for Civil Rights, or OCR, at the U. Along with Law Enforcement Officials, Social Services also have HIPAA exceptions so they can serve victims of abuse, neglect, and domestic violence. This is a big deal because, prior to the lawsuit, it was unclear whether adhering to HIPAA could be considered a professional duty and whether failing to uphold HIPAA could be considered. You can find the full case study in the linked PDF. Nurse Pleads Guilty to HIPAA Violation. The maximum penalty for a single HIPAA violation is $50,000 per violation or per record, with an annual maximum of $1. This HIPAA violation case example shows how important it is to train staff before there's a problem. The root cause was simply a lack of understanding about the physician and. Example: An elderly patient visits her doctor and waits in the waiting room until she is called. This law was enacted to help protect your rights to health insurance when you change jobs (Portability). Accordingly, one of the takeaways of this case is that physician compensation may present risk under the Stark law, even if it arguably is consistent with fair market value in the eyes of an independent valuation consultant, if some or all of the following factors are present: (1) the party paying the physician compensation is motivated by a. •Meaningful Use requirements •Required by law •Required to report breaches •OCR actively enforces law and issues fines •PHI/PII is worth millions •Breaches can result in significant losses for you and your patients •Impact of breaches is felt for years. Kalina faces a potential maximum total sentence of 11 years in prison, a fine of $350,000, or both. The biggest problem today is devices with stored patient health information, i. HIPAA regulations are enforced to protect the privacy of medical information. Even though HIPAA does not provide a private remedy, Mississippi law may. Loading Unsubscribe from Med School Radio? Fined For A Potential HIPAA Violation! - Duration: 3:42.
But the rules are intricate, and it’s easy for employees to inadvertently commit a seemingly minor violation that could result in significant penalties. In June 2014, a company by the name of Parkview Health Service violated HIPAA regulations when their employees left boxes of patient medical records on the driveway near the place of business while the office transitioned to a new location. Violations can also carry criminal charges that can result in jail time. Among its many requirements, ERISA requires all employers to act in their employees’ best interests when managing their 401(k) accounts, pensions and other retirement assets. Hipaa’s Use as Code of Silence Often Misinterprets the Law. 3) Unauthorized Access. violations and what actions are taking place to prevent and monitor possible and or actual HIPAA violations. Here are four of the most common social media HIPAA violations, plus some incredibly uncomfortable examples of violations. 45 CFR 160. In the age of laptops, smart phones, social media, and text messaging, stringency around patient privacy must be a constant consideration for physicians. So now that you know who enforces HIPAA, how do you protect against violations? The best way is by investing in the services of a HIPAA compliance agency. Designed to maximize your valuable time and customized to meet HIPAA standards while reducing your risk of non-compliance. This is not always the case. During the scheme, Michel also falsely assumed a number of roles, including posing at various times as a doctor, a nurse practitioner, and a wound care expert. PHI is commonly discussed when counseling patients, dispensing prescriptions, submitting reimbursement claims, keeping records, charging patients, contacting physicians and plans. The next hospital I would go to is 60 miles away with a fantastic PICU and NICU (if anything were to go wrong) and if it were me, I would file a formal complaint and make the move. It may be a bit unsettling to realize that many employers in fact are not covered entities. Lynne Brown, Esq. Some of the younger indi-viduals were terminated.
There are a number of ways covered entities can violate HIPAA regulations. Parkview Health System, Inc. To have a HIPAA violation, there has to be release of personal, identifiable info. The tool describes the variables of a HIPAA violation-such as recipients, circumstances of release, and disposition of the information-and ranks examples of those variables from 0 to 3. ” Under HIPAA, a covered entity is either a health plan, health care clearinghouse or a self- insured hea lth care provider. There was no sophisticated technology involved. Category 3:A violation suffered as a direct result of "willful neglect" of HIPAA Rules, in cases where an attempt has been made to correct the violation Category 4: A violation of HIPAA Rules constituting willful neglect, where no attempt has been made to correct the violation. The Health Insurance Portability and Accountability Act is a federal privacy and security law that came about in 1996 for the protection of health information. You can think of HIPAA 5010 transactions as vehicles with uniform exteriors. In addition to the $800,000 resolution amount, the. Whistleblowing A whistleblower is someone who complains about illegal activity or activity in violation of company policy at an employer. with violations of individuals' right of privacy under state case or statutory law, Mr. Below, you’ll find a collection of HIPAA Security Risk Analysis case studies. The company defended itself by arguing that it should not be liable for the violation of a policy when the employee was aware that she was violating. Generally, churches were not violating privacy laws / HIPAA before these laws were enacted. View our HIPAA fines chart below for the full HIPAA fines list. From 2011 to 2015, the number of. has agreed to pay $125,000 to the Office for Civil Rights as a settlement for HIPAA violations. When it comes to HIPAA violations, there are, sadly, plenty of examples available to serve as cautionary tales. For example, if you are being sued for a HIPAA violation, you might call the person who investigated the breach of client confidentiality.
Case results depend upon a variety of factors unique to each case. HIPAA Program Office Website. HIPAA basic overview. 25 Million in Record HIPAA Settlement. However, the law does not allow individuals to claim HIPAA violations directly in a privacy lawsuit. Sarah Ingersoll. I think Boss Dentist is just rude, not in violation of the law. Accidents happen, but when these accidents result in a HIPAA violation, it can have damaging consequences for those involved. However, there is a limit to the amount one organization can be fined annually: a whopping $1. Hyde | HIPAA | Litigation. They freak out about the possibility of a HIPAA violation. Unfortunately, this is not the case. Department of Health & Human Services, 2003. It sure is magic to have all those numbers connected to names and stored electronically on our mobile devices. The law recognizes harm in defamation cases, for example, and this harm is reputational in nature and in some cases does not involve physical or financial injury. Hospitals fined $4. For example, if you are being sued for a HIPAA violation, you might call the person who investigated the breach of client confidentiality. Their recourse under HIPAA is to file a complaint with the Office for Civil Rights (OCR).
You can find the full case study in the linked PDF. It is a violation of the Health Insurance Portability and Accountability Act ("HIPAA"). A maximum penalty amount of $1. Any complaint, breach or discovered violation can initiate mandatory investigations. Here we provide examples of unintentional HIPAA violations with the hope that they will increase vigilance among healthcare professionals. For example, if you have three children and all want to be able to speak with involved medical persons, it is your right to allow all three. Here are a few times celeb curiosity led to HIPAA violations. 27 workers couldn't resist taking a peek at the hunk's medical records, and were suspended for one month without pay. Clinical Instructor, violators can be fined and 'Jackson was indicted by a federal grand jury on a – A free PowerPoint PPT presentation (displayed as a Flash slide show) on PowerShow. We've compiled a list of 10 common HIPAA violations to be investigated by the OCR. Case management staff are not reviewing privacy notices to ensure they meet HIPAA compliance. Disclosing information about specific patients to family, friends & colleagues. 5 MILLION for repeat violations) and up to 10. Each case study outlines the unique challenges facing the organization and how the HIPAA One software tool can be utilized to achieve the needed result. If you would like to speak to a consultant regarding the HIPAA Toolkit, or are interested in professional consulting services, please visit our website. For example, a sonographer's co-worker may decide to look at a person's medical records without authorization. Step 3: Correct and Mitigate Harmful Effects. HIPAA violations in 2018 raked in a record $28.
” That means the government can punish the medical provider or business associate, but any penalties paid by the violator go to the government, not to you. This must-see video uses specific scenarios to illustrate privacy do's and don'ts. Synonyms for violation at Thesaurus. While there is no private right of action under HIPAA, a HIPAA violation lawsuit could potentially be filed following a landmark ruling by the Supreme Court in. While an individual cannot sue an office manager personally for HIPAA compliance violations, there is no doubt there is a severe penalty to be paid. Employees accessing data they’re not authorized for is a very common. 3 Case Study on HIPAA violation that leave a patient at risk for their information to be disclosed incidentally. Criminal violations of HIPAA are handled by the DOJ. You get to present evidence second. It sure is magic to have all those numbers connected to names and stored electronically on our mobile devices. While some HIPAA violations are inadvertent—a stolen laptop with patient records on it, for example—Ms. As background, HIPAA applies to health plans, health care clearinghouses and health care providers. 25 Million: HIPAA & HITECH Act Blog by Jonathan P. Risks of HIPAA violations. This can be purposeful or accidental. If research was ongoing or originated before the date HIPAA went into effect—April 14, 2003—HIPAA contains provisions that allow a researcher to use prior permissions obtained from a participant granted either by the participant through the informed consent process or by an IRB waiver.
Share on Facebook he made it known that he had medical information which he believed weakened the man's case. She is told they have no choice because HIPAA means they cannot use her last name. Examples of incidental uses and disclosures: Discussions during teaching rounds Cal. Choose from 500 different sets of hipaa flashcards on Quizlet. Question: Dear Nancy, Can an RN lose his or her nursing license over a HIPAA violation? Paige. HIPAA enforcement actions are typically initiated by a complaint, but can also be triggered by a report to HHS (eg, data breach notification), or a HIPAA audit. And if PHI is going to be attached to an email, the file should be encrypted (not just zipped) or the email should be sent using a secure email application. HIPAA is a hot button topic in healthcare, and this training program provides examples of what you and your employees need to do to comply by these government regulations. Sadly that isn't always the case. Loading Unsubscribe from Med School Radio? Fined For A Potential HIPAA Violation! - Duration: 3:42. How to report a HIPAA violation. In certain extreme HIPAA cases, individuals can be exposed to criminal risk as well. If the issue is an event, indication, or precursor the HIPAA Security Officer forwards it to the appropriate resource for resolution. In this post we’ll cover everything you need to know to navigate HIPAA violations, all the way from what is a […] The Health Insurance Portability and Accountability Act (HIPAA) sets out the rules and regulations surrounding access to and disclosure of protected health. HIPAA violations are expensive. You can see for yourself that if you are careful to keep your patient's Protected Health Information (PHI) private, there is no need to panic. This can be purposeful or accidental. Violations can involve texting, social media, mishandling of records, illegal access of patient files, or breaches that arise from social situations.
Leaks about Prince's death might be HIPAA violations TMZ said that doctors gave Prince treatment "typically administered to counteract the effects of an opiate. Hence, any business associate that contracts with a pharmacy will now be held to the same privacy standards as the pharmacy and will be subject to the same criminal and civil penalties for violations. They freak out about the possibility of a HIPAA violation. The good news is that, if your organization did not know (and even with reasonable diligence would not have known) of the violation, your maximum penalty drops significantly. Using the example above, the doctor could be convicted of a criminal offense and/or civil penalties. HIPAA is a hot button topic in healthcare, and this training program provides examples of what you and your employees need to do to comply by these government regulations. HIPAA is an acronym for the Health Insurance Portability Accountability Act. What constitutes a HIPAA violation? Giving away specific identifying information? I am writing a paper for class and would like to know if I can use a situation I encountered while riding the ambulance. mate's Constitutional rights by a nurse. Who you call as witnesses will depend on the facts of the case. And if PHI is going to be attached to an email, the file should be encrypted (not just zipped) or the email should be sent using a secure email application. A couple of other instances may provide further insight. As with most legal topics, there are exceptions. A's actions struck at the heart of what HIPAA is supposed to avoid. She is told they have no choice because HIPAA means they cannot use her last name. All of this could have been prevented had the clinic signed a BAA with the outside vendor. A Checklist For Avoiding HIPAA Violations On Social Media These examples show how easily risking a Health Insurance Portability and Accountability Act violation due to social media activity. with violations of individuals' right of privacy under state case or statutory law, Mr. To ensure that your PHI doesn't fall into the right hands, 2) Getting Hacked OR Phished. If the violation resulted from “willful neglect”, the Office for Civil Rights (“OCR”) must impose a mandatory fine of $10,000 to $50,000.
George Clooney - In 2007, the famed actor was being treated for injuries sustained in a motorcycle accident at Palisades Medical Center in New Jersey. The overall message from these and other cases involving hefty settlements is that HIPAA enforcement is taking center stage in a way that it perhaps never did in the past, experts say. Violations can also carry criminal charges. She is told they have no choice because HIPAA means they cannot use her last name. Weilert," 2010) In Weilert, supra, the Court further noted that even if the evidence was obtained in violation of HIPAA, it is still admissible in court. A signed authorization form (see sample) must be obtained for use and disclo-sure of protected health information not included in the consent. This is an act signed into law by President Bill Clinton on August 21st, 1996. Nurses HIPAA Violation Examples. HIPAA Guidelines for Healthcare Professionals. This blog has noted other instances of snooping leading to serious consequences, including the case of a UCLA researcher sentenced to prison time for reading records of celebrities and co-workers, a Texas nurse fired for unauthorized access, a California hospital fined after employees accessed Michael Jackson's records, a New York hospital. Social media and the internet can become a big problem if others are publishing intimate aspects of your life without your permission. As background, HIPAA applies to health plans, health care clearinghouses and health care providers. For customers who are subject to the requirements of the Health Insurance Portability and Accountability Act (known as HIPAA, as amended, including by the Health Information Technology for Economic and Clinical Health — HITECH — Act), Google Cloud Platform supports HIPAA compliance. ‘Prompt’ can be a very relative term, but what you need to keep in mind is that you should have a protocol of when you release information and keep to that protocol with all patients. HIPAA does not authorize individuals to sue for HIPAA violations.
Retaining final analysis in writing in case of a HIPAA law investigation. purposes is a violation of the HIPAA privacy regulation. 3 Case Study on HIPAA violation that leave a patient at risk for their information to be disclosed incidentally. HIPAA compliance is a process not a static thing, and the HIPAA Security Rule is big on organizations performing ongoing “risk analysis” to consider where they contact electronic PHI and how they’re protecting it. HIPAA violations can result in criminal prosecution. (1) Section 160. The inability to provide the most up-to-date education on HIPAA policies and procedures is a violation of the law. Health care providers and entities that are business associates of health care providers must handle volumes of patient medical information and must do so in a manner that does not violate the Health Insurance Portability and Accountability Act (HIPAA) and state privacy laws. He also had to perform 50 hours of community service educating professionals on the importance of HIPAA. How To Prepare for an Investigation of a HIPAA Violation (and Prevent the Next One) Written by: R. HIPAA Case Study Rasmussen College Author Note This research is being submitted on November 18, 2012 for Lashonda Crockett H340/HSA3422 Section 03 Regulation and Compliance in Health Care. Incidental use and disclosure of HIPAA information does not constitute a violation nor does it necessitate a report. Essay about Hipaa Violation 1541 Words | 7 Pages. CVS Caremark has agreed to settle Federal Trade Commission charges that it failed to take reasonable and appropriate security measures to protect the sensitive financial and medical information of its customers and employees, in violation of federal law. TYLER, TEXAS - A former employee of an East Texas hospital has been sentenced to federal prison for criminal HIPAA violations in the Eastern District of Texas, announced U. HIPAA violation if hospital employee get medical records for other reasons if she has a power of attorney? Is it a HIPAA violation for employees to take patient information home with them to work on? Is it in violation of the HIPAA laws to disclose if someone is in or being treated in hospital ER?.
Neal Eggeson, the lawyer who successfully argued the case in Indiana, used HIPAA to establish the standard of care. UNCG is required to identify its units that meet the CE definition, ensure CE compliance with safeguard and implementation specifications, and enforcement of CE and BA. Here’s an example of the distinction:. Sarah Ingersoll. What follows are case studies based on actual complaints alleging violations of HIPAA privacy and security rules. Fines as well as criminal penalties can be imposed on the violating institution and the individuals involved. HIPAA Violation Criminal Penalty An Individual who knowingly obtains or discloses individually identifiable health information in violation of HIPAA regulations Up to $50,000 and up to one-year imprisonment If wrongful conduct involves false pretenses Criminal penalties increase to $100,000 and up to five years imprisonment If the wrongful. State laws also may apply, although HIPPA’s affirmative obligation to allow access can override a state law that would restrict the release. A patient cannot use a HIPAA violation as a direct cause of action in a privacy lawsuit. Even if the affirmative defense regulation is not satisfied, prompt steps to correct a HIPAA violation, address vulnerabilities, and mitigate the harm from any breach are likely to significantly reduce the potential exposure. You do have the right to report HIPAA violations to the Office of Civil Rights (OCR). Course Project Rough Draft MGH HIPAA violation case Jennifer Brummage Medical Law and Ethics In the health care business, there are certain standards and laws that have been put in place to protect our patients and their personal health information. Unauthorized Release The news media is notorious for releasing personal medical information—from the most famous pop stars to local government leaders. Encryption is an easy and relatively inexpensive way to satisfy your HIPAA requirements, as many programs have encryption built in to them. Course Project Rough Draft MGH HIPAA violation case Jennifer Brummage Medical Law and Ethics In the health care business, there are certain standards and laws that have been put in place to protect our patients and their personal health information. Fraudulent payments by companies to physicians are never acceptable. Department of Health and Human Services. HIPAA Training Handbook for the Behavioral Health Staff ©2002 Opus Communications, a division of HCPro. Data Breach that Costs You. HIPAA gives patients the right to have their information kept private and secure. Hipaa Violation Case Examples.