General Question for the Week of March 27, 2017

General Compliance Question of the Week


Which federal government department enforces the HIPAA rules? Can you provide examples of a violation?


The Department of Health & Human Services Office for Civil Rights enforces the HIPAA privacy, security, and breach-notification rules. Violations may result in civil monetary penalties. In some cases, criminal penalties enforced by the U.S. Department of Justice may apply.

The following are common noncompliance issues:

• Impermissible protected health information (PHI) uses and disclosures
• Lack of PHI safeguards
• Lack of patients’ access to their PHI
• Use or disclosure of more than the minimum necessary PHI
• Lack of administrative electronic PHI safeguards

Disclaimer: Every reasonable effort was made to ensure the accuracy of this information at the time it was published. However, due to the nature of industry changes over time, we cannot guarantee its validity after the year it was published.