HIPAA Compliance

Have you ever tried to get information about a family member or a loved one at your healthcare provider, only to be met with a response that they are not authorized to disclose this information?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to implement the requirements of HIPAA. HIPAA compliance benefits patients because its requirements protect a patient’s rights and help keep their sensitive health information confidential.

How does VNA maintain HIPAA compliance?

  • VNA has strict procedures and policies set in place to avoid HIPAA violations and maintain the safety of medical records.
  • VNA employees are duly trained to prevent such HIPAA violations and adhere to HIPAA compliance checklist rules.
  • VNA has business associate agreements in place with vendors including hospitals, cloud storage organizations, patient messaging providers and more to ensure their employees are also trained to maintain HIPAA compliance. This prevents leakage of sensitive patient data.

What types of HIPAA violations might occur with a non-compliant healthcare provider?

Common violations

PHI disclosure

Disclosure of personal health information (PHI) to unauthorized persons is the most common HIPAA violation. PHI is any information that is personally identifiable to the patient. It represents personal information and medical history derived from patient electronic records. It includes information such as:

  • Patient treatment, prognosis, and diagnosis
  • Patient social security number, date of birth, as well as address

Other common violations

  • A physician discussing a patient’s condition with another doctor if they are not part of the patient’s treatment.
  • Medical workers disclosing patient information to a friend or relative without authorization from the patient.
  • Staff of a health insurance company disclosing patient information to third parties, like insurance companies, without authorization from the patient on file.

Unintentional violations

Unintentional HIPAA violations are still subject to fines. They include:

  • Devices containing protected health information, also known as ePHI or electronic protected health information, get stolen.
  • A third party that has been authorized loses a USB drive containing medical data of patients.
  • PHI is incorrectly sent via email or fax to another person.

Other violations

HIPAA violations do not always involve PHI. Some other types of violations to the HIPAA privacy rule include:

  • Not allowing patients to access their PHI.
  • Charging patients to obtain a copy of their PHI.
  • In the event of data breach or PHI disclosure to a third party, not informing the patient in a timely manner. This is the HIPAA breach notification rule.
  • Not taking care to dispose of PHI confidentially, securely, and properly.

Why is HIPAA compliance important to protect patient rights?

HIPAA compliance protects patient rights in several ways. Below are listed some of the most common scenarios where the patient’s information is at risk and their rights could be compromised if the healthcare provider is non-compliant or in violation of HIPAA.

Breach of privacy

PHI often contains sensitive data such as a patient’s date of birth, social security number, and home address. If this data gets into the wrong hands, it can hamper the patient’s life and result in fraud. It may expose sensitive medical history to the public, like family members and business associates.

Access of financial accounts

PHI often includes health insurance information and unauthorized persons can easily access financial data using such information. This violates the HIPAA security rule.


If a patient has an acute medical issue, disclosure of PHI can stigmatize them in society and also expose sensitive health information. It discloses individually identifiable health information to others.

Impacting future treatments

If a healthcare provider does not allow a patient to access their PHI, it can prevent them from getting to know their medical history, which impacts future treatments. Limiting a patient’s access to their PHI might prevent them from receiving a second medical opinion on their condition. Patients are then restricted when making their medical decisions.

Risking patient security

When patient medical information is not encrypted, it is at risk, because cybercriminals tend to be drawn to unencrypted medical data. They can use this information and sell it on illegal websites. They might also use the information to find the patient’s name and social security number to file false claims. Non-compliance puts the patient at risk of identity theft.

Why is HIPAA compliance important for healthcare providers?


Keeping patient information confidential and secure and following security rules should be the topmost priority for healthcare organizations. Disclosure of such sensitive information without due authorization from the patient can damage the reputation of the healthcare company as well as the physician. It can also damage the patient’s relationship with their physician and other parties involved in their medical care.

Legal issues

Not following the due protocols for notifying patients of HIPAA violations and data breaches can result in legal penalties and charges. As a healthcare provider, not following HIPAA compliance requirements could result in severe fines and penalties, the loss of your job as an employee of the healthcare company, and other major consequences.

VNA Health Care ensures complete HIPAA compliance

At VNA Health Care we are compliant with all the latest HIPAA regulations. We follow HIPAA rules and ensure patient data confidentiality and security at all times. With us, you get access to affordable and high-quality medical services with the assurance of security measures for added safety of your personal data. To learn more about our medical and healthcare services, you can contact us at (630) 892-4355 to book an appointment.

VNA Health Care/Privacy Officer
400 N. Highland Ave., Aurora, IL 60506
(630) 978-2532

Your Rights as a healthcare patient:

  • Get an electronic or paper copy of your medical record
  • Ask us to correct your medical record
  • Request confidential communications
  • Ask us to limit what we use or share
  • Get a list of those with whom we’ve shared information
  • Choose someone to act for you
  • File a complaint if you feel your rights are violated

Download the complete document on your HIPAA rights here.

For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html.

Changes to the Terms of this Notice

We can change the terms of this notice, and the changes will apply to all information we have about you. The new notice will be available upon request, in our office, and on our web site.