HIPPA Violations

The following essay is a sample paper for an essay on HIPPA Violations. It should not be used as a ready paper for your assignment as it is already in our website. In case you want an original paper on the same topic please order for the essay at our site and our able writers will work on it from the scratch.

HIPPA Violations


Any kind of law in any country requires total adherence, and violation of any provisions is tantamount to apprehension, jail terms and other forms of punishment in law. All laws have their own publics; for example, the Acts of Congress or parliaments regarding health have their publics ranging from the health practitioner and other practitioners who in one-way or another have to meet some health standards. If any of these practitioners fail to comply with any of the provisions in the acts, the law and the rules would catch up with the person and at times, the persons can be held liable heavily including huge punishment like jail terms. That is why all laws are regarded as state law and no particular person is immune from such kind of laws. In this paper, the discussion is one of the health acts and the violations The HIPAA violations. HIPAA stands for Health Insurance Portability and Accountability Act of the year 1996 and it spells out the privacy and security rules in this sector.

The HIPAA Rule

The Office for Civil rights enforces this rule, and it essentially protects the privacies of individuals that are identifiable in terms of health information. Some rights protect individuals and the Office for Civil Rights has the obligation to enforce the laws to the fullest if any individual or group of individual violates or goes against these provisions. Generally, the provisions or the Act is to protect the health information of people and showing of patient safety and specifically, it is protecting of identifiable information, which is used in analyzing the patient safety events and improving of the patient safety. It provides particular federal protections for the privacy of personal health information and which is generally held by the covered entities as well as giving the patients array of rights in respect to the information. As well, the privacy rule balances itself to permit disclosure of personal health information but only those that are needed for the patient care and for other health purposes.

[1]The privacy officer policy, which is under the HIPAA rule describes the role, duties and the responsibilities that go with the privacy officers. This policy should also state the officers that should carry out specific responsibilities and the roles especially the ones that relate to the breaches of the personal health information. As a medical practitioner, one is obliged to hold information as private as possible because letting out any information about a person’s health status is tantamount to putting the person in bad light. In such a case, one can be put to question following this law and if the leakage of the information leads to danger, all this would be attributed to letting out of the information. The rule calls on responsibility of any person who is at a position to access information about the patient’s health; for example, the doctor to a person who treats him or her; and this person can at times feel compelled to let out the information to undeserving persons. This being the case, and if the person gives out the information, it is possible that the patient would win in a case if he or she seeks legal interpretation on this.

There is particular information that needs to be protected; however, in general and summary, the privacy rule protects the individuals that have some identifiable health information and are the patients who may be undergoing a particular health treatment. All the information that is protected under this rule is called, Protected Heath Information (PHI) and this is the information that all persons can access the information of the other. An example is a heath center, a company where the person works or to some extent, the family members. The following is a list of information that is protected by this rule on which ought not to be let out to the public because it can constitute to criminalities.

  • The past of the individual, the present and the future of the person about the physical and the mental condition or health. Whether a person is in the hospital or is known to have a condition that may not just let the person free, no person is supposed to let out the information. Anyone contravening this can be held accountable even before the information let out to the public causes harm to the person.
  • As well, it is wrong for any individual or group of individual to give out the provisions of health care that is given to the individual whose information need not be let out to the public.
  • The past, the present and the future of the person about the payments for the health of this person should not be let out. For example, high persons in a company could be knowledgeable on the amount of money that is being paid to the medical practitioners who are treating the employee.

At times, some information can be let out to the public and the determination as to when the information can be let out is the intensity of the problem. [2]The information that can be let out to the public is referred to as the De-Identified Health Information. This is when there are no restrictions on the disclosure or the use of the health information, and generally, a person is at no obligation to maintain silence on the information he or she can come across about the health of a person.  In such, the only things that can bar a person from doing so are the ethics in a person; for example, if a patient breaks to you his or her condition and from analysis, the information is in no way a secret, the ethics of a person about this practice may bar a person from disclosing this information. However, there is no law that can bar a person from doing so when a person has already disclosed what he or she is suffering from.

[3]Difference between consent and authorization in regard to this rule and writes that the privacy rule can at times permit the letting out of the personal information if there are some consent that have been given. If a person goes ahead and tells the others about his or her condition, then, it becomes no more secret or personal as the person himself or herself has already consented on the use of this information. On the other hand, there is authorization where, the authorization is when a person is compelled to either not let out the information or give the full authority of giving out the information. In such a case, the authorization occurs when there is high need to make the public informed of what is happening and when letting out the information would help in the control measure. For example, if a person has died of a disease such as the Swine Flu, then, it is only proper to let the public on what has happened so to make the public caution themselves about their conduct. In such cases, the law has to authorize, the doctors or the medical practitioners taking care of the health of the person, and if the law does not authorize, then, these persons are not supposed to let out. At times, the person under the medical care can decide that the information ought to be known when doing so would prevent a catastrophe and not doing so would cause more harm.


HIPPA Violations

The applications of this law have gone to many fields other than the medical field, and this has tended to hit almost all sectors of the economy in the United States of America. Mostly, the law has application in health sector because people are prone to let out serious information regarding other people. Some of the information may be quite detrimental, and it is the obligation of the persons who are the caretakers of this health care industry to be cautious about what the persons who are under them in this sector goes about their business. To some extent, some of the employees in this sector allow other people to come and investigate about a particular patient without the consent of the hospital management or the sick persons; and this cuts across to all people whether in the government cycles or private areas. The government at times is called to act strong to avoid situations where the persons are exposed to some extent that their lives are put in danger or their information is used for self-interests. The interests of people who would like to see some of these people go down in terms of their successes in the society or like to have them perish totally.

[4]Information that is portrayed out to the malicious persons can be used for other dangerous means. For example, if a sick person has had some grudges with other people, one person who makes to access the information of this person can use the information to tarnish his or her name. The bottom line in this is that the HIPPA regulations as well as the PII focus on the sector of health care provisions due to the kind of sensitivity that ought to be practiced and the insensitivities that at times go on in this sector.  However, in other times, some of the government people can be allowed to access some of the information of the patients in the healthcare sector and especially if the person is under some criminal investigations. In such times, the person would be under surveillance from the investigation department until they get better and the law can take its cause.

HITECH and PII Breach

The HITECH is a substitute of the Health Information Technology for Economic and Clinical Heath Act and it was enacted as a part of the American Recovery and Reinvestment Act of the year 2009. This specifically addresses the security, the privacy concerns, and especially the ones that are associated with the transmission of the health information in an electronic way. Mostly, it’s the poor handling of personal information that constitute violations of the HIPPA Act, and this is when the health information is let out to the public in a most undeserving way. This is exposing the lives of persons in a bad way, and this can constitute serious punishments on the persons violating this act. Therefore, the HITECH is specifically to put serious cautions on the persons who have the electronic gadgets on the use of them to put other persons’ information the wrong way that can harm them directly or indirectly.

A breach is defined as doing unauthorized especially in acquisition, use, disclosure or access of information that is categorized as protected; and more so, the information regarding the health information of people[5]. However, this term does not constitute some unintentional acquisition, use or access of the information that is regarded as protected and concerning the health of a person. An employee of an organization with some information regarded as protected can come across some information and if this was very not intentional, the person cannot be held liable for such and should just be considered as very unintentional. The HITECH Act of the year 2009 is an extension of the HIPPA Act and therefore, they act hand in hand in the protection of information regarding health of persons.

The Personal Identifiable Information (PII) is used for Information Security especially about information on health status of persons. In a place such as the United States of America, this term was first used in the year 2007 in memorandum that was drafted by the Executive Office of the President, the office of management and budget and the usage of this term has now included others like guide to protecting the confidentiality of personally identifiable information. This law is mostly applicable for personal safety and especially in major professions where it is dangerous and wrong to have person’s identity becoming known, and this is because some of this information can be used maliciously to malign other people in the wrong way. In this regard therefore, the United States under the United States Department of Defense has moved to cooperate with other relevant departments to safeguard this law and generally protection of information of persons in major professions.

California Privacy Regulations

The California Privacy Regulations are contained in the California Medical Information Act, and it is more stringent than what is referred to as the Federal Privacy Rule, which is applicable in most instances. Therefore, this rule is seen to be more or supersede the HIPAA provisions; where, it goes more than just mandating that all entities that are covered by the HIPAA provisions as well as major providers implement laws to safeguard and protect the health information of people. Under the Californian law, a patient has all the rights to add an addendum to their record. Where, the addendum is put or added to the medical record of the patient. When it comes to research, the HIPAA privacy rule cannot override the Californian law and what is noted is that the Californian law provides the greater protection for privacy of the health information of a person. In this, this law provides that the research plans for use of some protected information regarding health of a person undergo approval and preview by the Institutional Review Board (IRB).

Case studies in HIPPA Act

973 A.2d 390 (2009)

408 N.J. Super. 54

Marina STENGART, Plaintiff-Appellant,
LOVING CARE AGENCY, INC., Steve Vella, Robert Creamer, Lorena Lockey, Robert Fusco, and LCA Holdings Inc., Defendants-Respondents.

No. A-3506-08T1

Case Summary and Outcome

In this case, the company had the policy that all computers in the company belonged to the company, and therefore, the information in these computers was public. Therefore, the company had to some extent the rights to view or retain the emails that were meant for the employees and the court case here was that the company had viewed the information of an employee, which was contained in the email. The company accessed the information since the sending and receiving of emails was done through the company’s laptop. On this realization, the company sent the employee off on claim of misusing the company’s computers for personal work instead of concentrating on the company’s work. The employee or the plaintiff filed the case to seek legal redress on discrimination regarding this.

Since the company had already confiscated the information, the plaintiff wanted to have the employer compelled to return the emails and the information. However, in its ruling, the court decided that the company and the employer did not act against the law on this; and this is because the exposure of information was in any way a violation and this is because this exposure was though intentional but warranted. For example, the ruling was that the company reserves these rights to exercise the right to review, intercept and audit any information as far as it is done within its mandatory. The emails and the voice mail messages as well as the internet, use for personal means was not part of the agreements in the company, and the plaintiff had contravened these company rules and regulations. Some cases exposure of information is warranted and cannot be alarming within the federal or national laws.

8 N.Y.3d 283 (2007)

864 N.E.2d 1272

832 N.Y.S.2d 873

LOUIS E. THYROFF, Appellant,

Court of Appeals of the State of New York

Case summary and outcome

This case constitutes the HITECH Acts application where, the question is as to whether or not some people are obliged to use the electronics to let out information regarding others in illegal manner. The plaintiff was an insurance agent for defendant National wide Mutual Insurance Company and in the year 1988, the parties had come to an agreement that encompassed that there are specified terms of their business relationship. In this, the company had agreed to lease Thyroff Computer hardware and software otherwise known as Agency Office Automation (AOA); a company that was owned by the plaintiff in facilitating the collection as well as the transfer of the customer information to Nationwide. In this, the AOA system used these electronics for personal e-mails as well as other storage of data for their customers and in this; Nationwide Company could access these information in the computers. Therefore, the court case constituted violation and access of information without authority from AOA and the termination of agreement.

The court argued that since the computers belonged to the company, the company could access any kind of information in these computers and therefore, Thyroff was not supposed to complain because the company accessed his information. The argument also was that the property rights are in no way offended when the employer looks at the documents in the computer as far as the computer belongs to the employer and not to the agent or the employee. Therefore, here, there was a breach of the company policy and this is in the use of the computers for personal benefits when the policy stipulates that the persons should be careful about how the information and the electronics are used. The plaintiff could not claim to be returned to the company as an agent and this is purely because he who contravened in the use of the computers. This is a case where the company does not find favor in the employee who has filed a case against the company and throws out the case in factor of the company.

Yoder v. University of Louisville

2009 WL 2406235 (W.D. Ky. Aug. 3, 2009).

Case summary and outcome

Yoder Nina was schooling in the above-mentioned university as a nursing students and she put blog in the internet. MySpace specifically that was entitled “How I witnessed the Miracle of Life”. This was describing her first experience and observation from an assignment from her school to go and watch a mother giving birth. This blog attracted a lot of controversies and specifically about the sense that this was contravening the PII law of security of information. While having such an experience was not wrong, posting such kind of information was in utmost wrong.

In this case, the court described the blog as vulgar, offensive, distasteful, uncouth and crash. The university, which had already expelled the student, was on the right to do so because it put its credibility on a hang line and that is why it had to act drastically. However, the district court found that the University of Louisville interpreted the contracts and reversed the expulsion and therefore, the court ordered that Yoder be reinstated in school. Overall, the argument was that the school was supposed to be cautious of the information that is handled by the students but the fact was that the student was in the wrong to post such kind of personal information.


The HIPPA Act stipulates that violation of privacy in terms of information is wrong, and more so the information that can be deemed harmful if it is released to the publics. As well, if a person accesses and uses information that is regareded as protected information, then, he or she is liable for punishment. However, there are cases in which the use and access of information that is regarded as protected cannot constitute legal case; for example, if the access of the information was unintentional, then the person or the company cannot be held liable for this misuse.

As well, a company can access the private information of its employees if the information is in the computers of the company or in the filing systems of the company. In such cases, it is argued that even keeping the information in such areas like computers and the filing systems is in the first way going against the company policy. This paper looks at how the HIPPA Act is used in real life situation and how the HITECH Act helps in the working of the HIPPA Act. However, in the case studies that are highlighted in this paper, it can be noted that the companies are on the right to use the information in the computers simply because the computers belong to the company and not to the employees, and the use of company computers in the first place is going against the company policy.


Golden, T. (2011). A guide to forensic accounting investigation. New Jersey: John Wiley & Sons Inc

Kiel, J. (2006). H.I.P.A.A: From theory to practice. New York: J. Pohl Associates

Klosek, J. (2010). Protecting your health privacy: A citizen’s guide to safeguarding the security of your medical information. California: ABC-CLIO

Murphy, M. (2010). The new Hipaa guide for 2010: 2009 Arra Act for Hipaa security and compliance law and HITECH act your resource guide to the new security and privacy requirements. Bloomington: AuthorHouse Publishers

Rockel, K. (2005). Stedman’s guide to the HIPAA privacy rule. Maryland: Lippincott Williams & Wilkins




[1] Golden, T. (2011). A guide to forensic accounting investigation. New Jersey: John Wiley & Sons Inc


[2] Rockel, K. (2005). Stedman’s guide to the HIPAA privacy rule. Maryland: Lippincott Williams & Wilkins


[3] Murphy, M. (2010). The new Hipaa guide for 2010: 2009 Arra Act for Hipaa security and compliance law and HITECH act your resource guide to the new security and privacy requirements. Bloomington: AuthorHouse Publishers


[4] Kiel, J. (2006). H.I.P.A.A: From theory to practice. New York: J. Pohl Associates


[5] Klosek, J. (2010). Protecting your health privacy: A citizen’s guide to safeguarding the security of your medical information. California: ABC-CLIO


Buy Website Traffic