Question:
Which federal government department enforces the HIPAA rules? Can you provide examples of a violation?
Answer:
The Department of Health & Human Services Office for Civil Rights enforces the HIPAA privacy, security, and breach-notification rules. Violations may result in civil monetary penalties. In some cases, criminal penalties enforced by the U.S. Department of Justice may apply.
The following are common noncompliance issues:
• Impermissible protected health information (PHI) uses and disclosures
• Lack of PHI safeguards
• Lack of patients’ access to their PHI
• Use or disclosure of more than the minimum necessary PHI
• Lack of administrative safeguards for electronic PHI