The term “HIPAA violation” can conjure up images of large-scale data breaches. But health care providers need to be aware that, in the midst of the federal government’s increased focus on fraud in the health care sector, the privacy rule of the Health Insurance Portability and Accountability Act (HIPAA) is an emerging source of criminal liability. Prosecutions for HIPAA privacy violations are on the rise, possibly because they can be far easier for federal prosecutors to prove — and less conceptually complex for a jury to understand — than schemes involving kickbacks, misbranding, or false claims.
In essence, the privacy rule establishes uniform national standards to protect individuals’ medical records and other personal health information. It requires safeguards to protect privacy and sets limits on what — if anything — can be disclosed without a patient’s OK.