test 33
What is a HIPAA Violation in the Workplace? Avoid Penalties
Skip to content
  • HR + Payroll Software
  • Talent Acquisition
  • Talent Management
  • Workforce Management
  • Benefits Administration
  • Compliance Solutions
HCM Overview
Automate routine tasks, mitigate compliance risks, and drive efficiencies across your organization.

Payroll Software

Pay employees from any location and never worry about tax compliance.

HR Software

Manage all employee tasks and documents in one place.

Analytics

Get insights into your workforce to make critical business decisions.

Expense Management Software

Review, reimburse, and report on employee expenses in one location.
Streamline all aspects of recruiting and hiring so you can discover new candidates, quickly fill open positions, and provide engaging onboarding.

Recruiting Software

Find quality candidates, communicate via text, and get powerful analytics.

Automated Talent Sourcing

Leverage AI to automate sourcing and increase candidate diversity.

Onboarding Software

Connect with new hires and make a lasting first impression.
Build a great place to work where employees show up, make a difference and win together.

Talent Development

Increase engagement and inspire employees with continuous development.

Career Management Software

Retain and coach your workforce with career planning.

Paycor Paths

Support managers with development activities that build soft skills and create effective leaders.

Learning Management System

Maximize training and development with personalized content.

Pulse Surveys

Gather and convert employee feedback into real insights.

Compensation Planning

Plan, manage, and execute pay increases and rewards.
Reduce labor spend, manage overtime, and maximize productivity across your workforce.

Time + Attendance Software

Control costs and mitigate risk with accurate timekeeping.

Scheduling Software

Organize your team, manage schedules, and communicate info in real-time.
Transform open enrollment and simplify the complexity of benefits admin.

Benefits Advisor

Reduce tedious admin and maximize the power of your benefits program.

ACA Reporting Software

Eliminate the stress of ACA filing with streamlined reporting.

Workers’ Compensation

Eliminate large down payments and end-of-year surprises.
Reduce risk, save time, and simplify compliance management.

Compliance Overview

See how our solutions help you reduce risk, save time, and simplify compliance management.

Talent Acquisition

Stay ahead of recruiting and hiring regulations.

Payroll / Business Tax Credits

We help you stay updated on the latest payroll and tax regulations.

Workforce Benefits

Paycor’s compliance solutions help ensure accurate filing and mitigate risk.

Regulatory Compliance

Track critical documentation and control labor expenses.

Data & Security

Paycor has the right defenses in place to protect your data.

Transform Frontline Managers Into Effective Leaders

Paycor's COR Leadership Framework is your pathway to building a culture of effective leadership. Explore our tools and technology to learn how.
Empower Your Leaders

Transform Frontline Managers Into Effective Leaders

Paycor's COR Leadership Framework is your pathway to building a culture of effective leadership. Explore our tools and technology to learn how.
Empower Your Leaders

Transform Frontline Managers Into Effective Leaders

Paycor's COR Leadership Framework is your pathway to building a culture of effective leadership. Explore our tools and technology to learn how.
Empower Your Leaders

Transform Frontline Managers Into Effective Leaders

Paycor's COR Leadership Framework is your pathway to building a culture of effective leadership. Explore our tools and technology to learn how.
Empower Your Leaders

Transform Frontline Managers Into Effective Leaders

Paycor's COR Leadership Framework is your pathway to building a culture of effective leadership. Explore our tools and technology to learn how.
Empower Your Leaders

Simplify Compliance Management With Paycor

HR compliance is a moving target and staying ahead of ever-changing laws is time consuming. Paycor has the solutions to help.
Take Compliance Tour
  • By Industry
  • By Role
  • By Size
Paycor delivers deep product functionality, standard integrations, and certified expertise in sales and service to meet the needs of the industries and organizations we serve.
Who We Serve

Healthcare

Hire skilled nurses and manage PBJ reporting.

Professional Services

Drive engagement with talent development and career management.

Manufacturing

Claim hiring tax credits and optimize shift coverage.

Nonprofits

Control costs and make every dollar count with reporting.

Restaurants

Hire and retain staff with earned wage access.

Education

Mitigate risk with proactive payroll and tax alerts.

Retail

Engage new hires with onboarding and control costs with timekeeping.

Technology

Attract, hire, develop, and retain top tech talent, anytime, anywhere.

Finance

HR solutions purpose-built to help CFOs mitigate risk and control costs.

HR

HR solutions purpose-built to help leaders create great places to work.

Payroll

Intuitive software to help pay employees accurately and on time.

IT

Secure HR technology that fully integrates with other tools.

Recruiting

HR software that tracks candidates in every stage of the pipeline.

Owners

User-friendly HR tools that streamline daily operations.

1-49 Employees

Transform the way you process payroll, streamline onboarding, and manage employee information in one place.

50-1000 Employees

Drive engagement and increase retention with talent development and continuous learning.

1000+ Employees

Attract top talent, develop employees, and make better decisions with actionable data.

TRANSFORM FRONTLINE MANAGERS INTO EFFECTIVE LEADERS

Paycor's COR Leadership Framework is your pathway to building a culture of effective leadership. Explore our tools and technology to learn how.
Empower Your Leaders
Whether you’re a health or retirement broker, a corporate franchise leader, or a product or service company, Paycor can help take your business to the next level.
Partners

Brokers

We’ll help you win and retain clients.

Apps & Tech Partners

Seamlessly connect your favorite apps with Paycor.

Retirement Services

Automation and access for your clients.

CPAs

Get real-time analytics to HR & Payroll data.

Franchisor Opportunities

We’ll help reduce costs & mitigate risks.

Private Equity

Let’s create value across your portfolio.
Explore the latest trends and best practices to enhance your leadership and drive your organization’s success.
Resource Center

Webinars

Our popular webinars cover the latest HR and compliance trends.

Guides + White Papers

Get expert advice and helpful best practices so you can stay ahead of the latest HR trends.

Case Studies

Our customers are our heroes. Read these case studies to see why.

HR Glossary

Learn a lot in a little bit of time with our HR explainers.

Articles

Get expert guidance on HR topics in our frequently updated articles.

Perspectives+

It’s time to be agents of change. Access collaboration tools and resources that help champion equality and promote DE&I best practices in the workplace.
Learn More
Paycor’s HR software modernizes every aspect of people management, which saves leaders time and gives them the powerful analytics they need to build winning teams.
Company

Careers

There’s never been a better time to join. We’re growing and want to hear from you.

Locations

Check out Paycor’s national presence.

Our People

Paycor’s leadership brings together some of the best minds in the business.

ERGs

We’re proud to offer a growing list of Employee Resource Groups at Paycor.

News + Press

Paycor’s always in the news for innovation, hiring and more. See what’s new today.

Events

Connect with Paycor live at one of our upcoming events.

Sponsorships

Iconic sports teams trust Paycor. Check out our growing list.

AI Guiding Principles

Learn how Paycor approaches AI.

DE&I AT PAYCOR

We’re committed to building accessible opportunities for all our targeted populations. We don’t claim to be perfect, but we’re taking the right STEP toward inclusion and belonging.
Learn More
Our team of experienced sales professionals are a phone call away. Contact us today so we can learn more about your business.
Talk to Sales

Plans + Pricing

Learn more about our product bundles, cost per employee, plans and pricing.

Take a guided Tour

Seeing is believing. Check out this guided tour to see for yourself how our platform works.

Watch a Demo

View our product demos to get a deeper dive into the technology.

Solution Finder

Tell us about your organization and what you want to accomplish and we’ll recommend a custom solution.

Call Us Today:

855-752-8564

Exclusive Access to Select Products

Test drive Paycor Payroll, Onboarding, HR, and Time for 14 days.
Start Free Trial
Resource Center>Articles>What Is a HIPAA Violation in the Workplace (And How to Avoid One)

Workforce Management

What Is a HIPAA Violation in the Workplace (And How to Avoid One)

Last Updated: April 5, 2022 | Read Time: 12 min

One Minute Takeaway

  • In 2020, the U.S. experienced 1.76 data breaches of 500+ healthcare records every day, netting more than 29 million exposed records.
  • HIPAA applies to covered entities such as medical offices, but it also applies to their business associates such as accountants and records managers.
  • Medical records found in the workplace such as FMLA documentation and ADA accommodation requests are not covered by HIPAA.

If you’ve been to any type of health care provider for a check-up since 1996, you will likely recall signing a document that either denies access or gives certain people (e.g., a family member or friend) permission to accept phone calls or receive other medical information about you. That’s a HIPAA release form.

Here, we’ll explain what HIPAA is, how it applies to non-medical businesses, and how your company (even if it’s not a healthcare facility) can stay on the right side of the law.

What is HIPAA? 

The Health and Insurance Portability and Accountability Act (HIPAA… not HIPPA) is a law enacted in 1996 to, in part, prevent patients’ protected health information (PHI) from being released without their permission or knowledge. Compliance is required by covered entities such as healthcare providers and health insurers (commercial and employer sponsored), as well as those entities’ business associates such as transcriptionists and health care clearinghouses that standardize information into usable data for the Department of Health & Human Services (HHS).

Of course, most people equate HIPAA violations with medical offices and facilities. While these providers are the most widely reported violators, business associates that have absolutely nothing to do with medicine can also be fined.

What is a Business Associate?

Business associates are companies that perform diverse types of services on behalf of HIPAA covered entities, including:

  • Accounting
  • Actuarial services
  • Medical benefits management
  • Data aggregating, analysis, and transmission
  • Insurance utilization review
  • Medical billing
  • Medical practice management
  • Electronic medical records (EMR) management
  • Processing insurance claims

What HIPAA Obligations Do Business Associates Have? 

Business associates are held to the same rigorous HIPAA compliance standards as covered entities. Covered entities are required to maintain contracts outlining HIPAA standards with their business associates to help ensure patient data is safeguarded. In turn, business associates must also have written contracts with any subcontractors that they hire.

What Are Hybrid Entities?

A hybrid entity performs both non-HIPAA-related and HIPAA-related tasks. For example, a professional services company that provides an onsite medical office for the benefit of its employees would be considered a hybrid entity. The physician and staff might be employed by the company, but the medical office itself remains separate and is the only covered entity. Another example is a grocery store that has a pharmacy inside. With hybrid entities, only the part of the company that is considered a covered entity is required to comply with HIPAA regulations. 

Does HIPAA Apply to Employers? 

Medical records that are frequently found in a workplace include:

While these documents often contain personal health information, under HIPAA guidelines, they’re considered employment records and not medical records.

HIPAA also doesn’t prohibit an employer from:

  • Requesting a doctor’s note for an absence
  • Requesting information relating to healthcare coverage or wellness programs
  • Asking for proof of COVID-19 vaccine or test results

Examples of HIPAA Violations by Employers

Any company that wants to steer clear of potential workplace HIPAA violations needs to properly guard the PHI they’re responsible for.

A HIPAA violation occurs when a person’s PHI at a covered entity or business associate has fallen into the wrong hands, whether willfully or inadvertently, without that person’s consent. The major challenge for non-medical business associates is twofold:

  1. They may not be aware that HIPAA applies to them; and
  2. If they are aware, their employees may not be well-trained in the ins and outs of the law, leaving them vulnerable to infringing on patients’ privacy rights.

In 2020, the U.S. experienced 1.76 data breaches of 500+ healthcare records every day, netting more than 29 million exposed records (HIPAA Journal). These are the three most typical HIPAA workplace violations that are found in healthcare organizations:

Lost or Stolen Devices

At most businesses, losing a work phone or laptop is somewhat of a big deal, but not as huge a deal as it is for businesses that are covered by HIPAA. Covered entities are more frequently using mobile devices to communicate about patients, so PHI data breaches resulting from loss and theft are more common than you may think. Fortunately, the increased use of encryption and cloud services for data storage have helped reduce the number of loss and theft incidents.

Unsecured Patient Information

Employees who handle sensitive patient data need to know where records are stored at all times. For instance, if an employee has patient records open on their desktop computer and leaves for lunch without locking their screen, someone could easily access them, which is enough to violate HIPAA rules. And even if employees are diligent about locking their workstations, strong password protection is just as critical.

Inadequate Employee Training

If you’re a covered entity or business associate, your employees can unintentionally leak PHI and result in your business being fined. Consider these situations:

  • An employee discusses something unusual they read in a patient’s medical record with another employee in a break room full of other staff members
  • A new employee in your billing department sends a detailed medical bill to the wrong mailing address
  • An employee posts a story about a patient to their Facebook page

What Happens if a Business Violates HIPAA?

The Office for Civil Rights (OCR) is the investigating arm within the U. S. Department of Health and Human Services (HHS) that manages HIPAA violation complaints. The penalty for a HIPAA violation depends on its severity. In something of a departure from its federal department counterparts, the OCR would rather not punish violators with fines, instead preferring to offer guidance and education. But if a violation is severe enough, financial penalties will be imposed.

OCR has four categories of penalties, and the financial amounts are adjusted annually for inflation:

  • Tier 1: The covered entity or business associate was unaware of and couldn’t have avoided a violation. Minimum fine of $100/violation up to a maximum $50,000.
  • Tier 2: The covered entity or business associate should have been aware of but couldn’t have avoided a violation. Minimum fine of $1,000/violation up to a maximum $50,000.
  • Tier 3: The covered entity or business associate willfully neglected HIPAA rules and attempted to correct the violation. Minimum fine of $10,000/violation up to a maximum $50,000.
  • Tier 4: The covered entity or business associate willfully neglected HIPAA rules but did not attempt to correct the violation. Minimum fine of $50,000/violation.

What are examples of HIPAA violations?

Some examples of HIPAA violations include:

  • An emergency department employee posting a photo to social media without obscuring the faces of the people in the photo.
  • A nurse sharing a hospitalized patient’s medical history with an unauthorized family member.
  • Disposing of sensitive medical documentation without appropriately shredding it first.

What happens if an employer violates HIPAA?

If an employer is a covered entity or business associate and they violate HIPAA rules, they can be fined depending on the level of violation listed above.

Can an employee violate HIPAA?

Yes. If an employee works for a covered entity or business associate, it’s possible for them to violate HIPAA rules.

Can an employer be sued for a HIPAA violation?

No, an individual cannot sue their employer for violating HIPAA, as any medical information stored is considered part of the employment record and not protected health information. If the employer is a covered entity or business associate, and an individual feels a violation has occurred, the individual should file a complaint with the Department of Health and Human Service’s Office of Civil Rights.

Previous:

Next:

Related Resources

Article

Read Time: 9 min

The Most Important Facts About Workers’ Compensation

Maximize the benefits of workers’ compensation insurance as an employer by knowing these key points.

Read Now

Article

Read Time: 11 min

What is Middle Management and Their Role?

Learn more about the crucial functions of middle managers from organizational knowledge to interpersonal communication skills.

Read Now

Article

Read Time: 7 min

Does Your Workforce Need Implicit Bias Training?

Implicit biases can negatively impact recruiting, performance reviews and the employee experience. Read how training and processes help avoid problems.

Read Now