The names of the organizations have been concealed because we are focusing on the
lessons learned, not mudslinging.
Each week a new case study will be posted.
Many graduate schools use the "case study" as a teaching method.
In the same vein, the HIPAA Breach Case Studies have been developed
to use real-world stories to build a better understanding.
The HIPAA Police (a.k.a. the Health & Human Services Office for Civil Rights) are the federal agents
that enforce the HIPAA rules. With each investigation and prosecution of a healthcare organization,
the HIPAA Police are sending us very clear messages and instructions. These case studies
tease out and highlight the messages from the HIPAA Police.
These case studies show that the top cause of HIPAA violations
is stolen unencrypted computer devices, usually laptops stolen from an employee’s car.
So far, nobody has been fined for a stolen laptop that was encrypted.
ClinicNerds have several guides to get over "encryption anxiety."
These case studies help busy healthcare professionals interpret those messages from the
HIPAA Police and take action to prevent such violations in their own healthcare organization.
Some HIPAA infractions are just criminal behavior by bad guys.
We skip those cases as there is nothing for us to learn.
Our case studies cover good people who made (mostly) honest mistakes.
HIPAA is so complex that it can trip up people who are trying to do the right thing.