While to date prosecutors around the country have lodged few cases asserting criminal violations of HIPAA, attorneys say the health care industry's shift to electronic medical records (EHR) will present more opportunities for unauthorized access to protected health data (PHI) that will prompt more criminal actions in the years ahead.
"The conviction of a corporate entity [for HIPAA criminal charges] is certainly allowable and supported by the criminal penalties in the statute."Although criminal prosecutions are expected to continue to focus on individual bad actors, attorney James M. Jacobson said it was not unreasonable to expect some corporate convictions in the next few years that center on “corporate policy or procedures being so lax or nonexistent that ultimately they enabled the rogue employee to act.” Organizations seeking to proactively detect data privacy breaches by employees and contractors can utilize low-cost on-demand SaaS analytics servcies.
- James M. Jacobson, partner, Nutter McClellen & Fish
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.Sources:
(a) Former Hospital Employee Sentenced for HIPAA Violations - www.Justice.gov, 02/17/2015
(b) HIPAA Criminal Charges To Gain Steam As Data Goes Digital - www.Law360.com, 08/14/2014