What Federal Causes of Action Arise From Violations of HIPAA?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) features standards for ensuring hospitals, health plans and health care clearinghouses protect the privacy and security of patient health information. The law also prohibits health insurers from denying or delaying health benefits based on a plan participant's health factors. The U.S. Departments of Justice, Treasury, Labor and Health and Human Services enforce HIPAA's provisions and can bring a cause of action against an organization or individual who violates the regulations.
    Privacy Rule

    • The top compliance issues the U.S. Department of Health and Human Services (HHS) has investigated for violations of the HIPAA privacy rule include: impermissible uses and disclosures of protected health information; lack of safeguards for protected health information; lack of patient access to information in their medical records; and uses or disclosures of more than the "minimum necessary" protected health information, according to HHS. Private practices, general hospitals, outpatient facilities, health plans and pharmacies are the top health care organizations that have received complaints for privacy rule violations.

    Security Rule

    • Due to the security rule's "technology neutral" and "scalable" features, in which each health care organization is left to determine policy and technology to safeguard data that fit its circumstances, specific causes of action for violations may vary. Failure to implement "reasonable and appropriate" security measures to protect health data from unauthorized use and disclosure constitutes a violation of the HIPAA security rule, HHS has advised. HHS has provided on its website detailed guidance to help organizations develop procedures to address the administrative, physical and technical elements of securing health care data.

    Nondiscrimination Rule

    • HHS and the U.S. Justice, Labor and Treasury Departments can bring a cause of action against a health plan that violates HIPAA's nondiscrimination provisions. HIPAA prohibits a group health plan or group health insurance issuer from denying an individual eligibility for benefits based on a health factor. HIPAA also bars insurers from charging an individual a higher premium than a "similarly situated individual" based on a health factor. Health factors include: health status, physical and mental illness, claims experience, receipt of health care, medical history, genetic information, disability and evidence of insurability, such as conditions arising out of domestic violence, according to the U.S. Department of Labor.
