HIPAA rules have been applied in different countries of the world to protect the data of customers, patients, and users. It was found that data breaches were common in business organizations. Profiting by selling customer data to other companies and nefarious actors has perpetuated an increase in the number of hacking and viral attacks. In order to control this situation, HIPAA was introduced and enforced. However, it seems like there are still many regions in the U.S. where people are not following the HIPAA rules. Recently, cyber security authorities have seen violations occurring in South Carolina.
Violation of HIPAA rules
According to recent reports, the Medical University of South Carolina has suspended 13 employees within a year because they violated HIPAA rules. The employees snooped into the private data of the hospital and patient records. The Department of Health and Human Services has claimed that in 2017 there were 58 data breach cases in the hospital and most of them were ignored by the authorities.
- Most of the data breach cases affected a small number of patients.
- There were only 11 out of 58 cases that were categorized as snooping on medical documents.
- Other breaches were accidental mistakes. The employees accidentally mailed or faxed the health information to the wrong patient.
Over the past 5 years, 30 members of the non-physician staff have been fired because of 307 data breach cases that happened in the hospital. It has been a challenge to cyber security authorities because they have not been able to control the situation. The worst-case scenario about these breaches is that none of them were documented, which means it is possible many more occurred.
According to the HIPAA rules, all the breaches are supposed to be reported whether they are large or small. However, the authorities only reported data breach cases in which the data of more than 500 individuals were compromised.
Enforcement of HIPAA law
This is only the case of a single university. Research has shown that many other business organizations and small companies are dealing with the same situation. Employees are continuously violating HIPAA rules, making it difficult for businesses to maintain compliance.
These issues, as well as the targeting of data by criminal enterprises, are why authorities have increased efforts to protect patients. They have made it clear that violations will not be tolerated, and organizations will be held accountable for infractions.