Indiana Health Insurance
Talk with an Expert:1-877-210-2010

Indiana Health Insurance and HIPAA Violations

Indiana health insurance has been made aware of the very first prosecution against a small medical firm for HIPAA violations. This is quite a shake up in the medical community, because traditionally the larger medical groups are monitored, rather than the “little guys”.

However, a five-person practice in Arizona has received the dubious honor of being the first small firm to be noticed by the Health Insurance Portability and Accountability Act. The Office for Civil Rights division of the Department of Health and Human Services (HHS) has issued a warning to the medical community that regardless of the size of the practice, medical offices are accountable for honoring the privacy of their patients.

The issue came to light when a complaint was filed with the Office for Civil Rights. The doctors were posting surgery schedules online, as well as appointment schedules. The calendar was accessible to the general public. The privacy rules for HIPAA have been in effect since 2003 and the security rules since 2004 and yet, this Arizona practice had not taken any steps towards compliance.

This ruling is significant in part because the case concerns failure to comply that spans several years, with multiple, continuing infractions. Indiana health insurance is taking note, because as HIPAA begins to enforce these rules, small doctor’s offices will have to be more cautious to comply with set standards. In addition, any kind of change to the status quo will involve increased costs, which means more expense for the patient in the long run.

The spokesman for the Office of Civil Rights in the HHS urged medical practices of all sizes to note the action and take care to abide by the privacy and security standards set by HIPAA.

This resolution is the first of its kind to fine a medical practice $100,000 for not abiding by HIPAA patient confidentiality rules. However, there has been other action taken by HIPAA and the OCR; namely, small and mid-sized practices were assigned corrective plans. Once the practices implement these corrective plans, the organizations will deem them to be in compliance. In the case of the Arizona practice, corrective plans were deemed insufficient in light of the severity of the non-compliance infraction.

This particular case showed the practice to be in violation of several HIPAA and OCR statutes:

  1. Failure to protect patient information
  2. Failure to document training of HIPAA policies
  3. Failure to appoint a security official in the practice to conduct risk analyses
  4. Failure to obtain agreements for email and internet scheduling services

There have also been resolution agreements, or law suits, against larger medical entities for failure to protect patient privacy. Hospitals, pharmacies, and health insurers have paid penalties of a million dollars apiece. Indiana health insurance is usually affected in some way due to the increased expense for operations in the medical community. However, the privacy of medical patients is of utmost importance to insurers, and the majority of medical offices do comply with regulations.

To learn more about the cases mentioned above, as well as obtain quotes for health insurance plans, visit