A recent analysis of federal data showed that hundreds of healthcare providers have violated the Health Insurance Portability and Accountability Act in recent years.
Prominent providers such as CVS, the Department of Veterans Affairs, Walgreens and Walmart were found to have violated HIPAA multiple times between 2011 and 2014, according to the Boston Globe.
Despite the violations, the Office for Civil Rights rarely punished the providers for their transgressions. The review shows that the OCR often reminded the providers of their legal obligations and settled for promises of improvement by the providers.
RELATED: Study: 1 in 2 Hospitals Use 2-Factor Authentification for Patient Info Security
The Department of Veteran’s Affairs, or the VA, was found to have the most violations in the review, although the OCR has never publicly criticized the department.
The OCR receives thousands of HIPAA complaints each year but only rarely hands down financial penalties. The agency, which has said it is understaffed and underfunded, can also resolve complaints privately and informally, although it posts few details online about those settlements.
An OCR spokeswoman told the Globe that the office only “makes public details of cases that result in settlements and formal corrective action agreements or civil monetary penalties on our website.”
Campus Safety has previously reported on OCR audits that will begin in 2016 on healthcare providers and their business associates to actively ensure patient privacy standards are being met.
