
What to expect if your business potentially has a HIPAA violation

If your business handles patients’ medical records or other healthcare data, you need to understand how HIPAA affects you. In practice, compliance comes down to three things: protecting the protected health information (PHI) in your care, limiting what you collect, use and disclose to the minimum necessary, and reporting breaches when they happen. But what does non-compliance look like, and how can you safeguard the data you hold? Let’s take a look.

Common reasons for non-compliance

While there are many reasons why businesses fall short of HIPAA, here are the three most common compliance pitfalls.

1. Employee negligence

Employee negligence can include:

  • Using weak passwords
  • Clicking links in phishing emails 
  • Disclosing login details  

2. Insufficient cybersecurity

If you don’t have adequate safeguards in place, you are more exposed to data breaches. The HIPAA Security Rule expects administrative, physical and technical safeguards for electronic PHI, starting with a documented risk analysis; a business that has never performed that analysis usually has gaps it doesn’t know about.

3. Lack of knowledge

Sometimes, businesses simply don’t understand their compliance requirements. In fact, up to 70 percent of businesses aren’t HIPAA-compliant. If you’re unclear whether HIPAA applies to you, consider asking a co-managed IT provider, like KME, for guidance. 

So that’s how you might violate HIPAA, but what happens next? Read on.

What happens if you breach HIPAA

There are a few things you should do if you suspect there’s been a HIPAA violation.

  • First, assess the situation. What happened, what data was involved, and how many individuals did it affect? Under the Breach Notification Rule, unauthorized access, use or disclosure of unsecured PHI is presumed to be a breach unless a documented risk assessment shows a low probability that the data was compromised.
  • If the incident is a breach, you must notify the individuals concerned without unreasonable delay, and no later than 60 days after you discover it. You must also notify the US Department of Health & Human Services (HHS): within the same 60 days if 500 or more individuals are affected, or in an annual report (due within 60 days of the end of the calendar year) for smaller breaches. A breach affecting more than 500 residents of a state or jurisdiction also requires notice to prominent local media.
  • The 60-day clock runs from discovery of the breach, not from when it happened, and it is an outer limit; waiting the full 60 days without good reason is itself a compliance problem. If you handle PHI as a business associate rather than a covered entity, your duty is to notify the covered entity within 60 days so that it can make these notifications.

Not every incident is reportable. The rule has narrow exceptions, for example a workforce member who unintentionally accesses PHI in good faith within the scope of their role and makes no further use or disclosure of it. But you have to document why an exception or a low-probability risk assessment applies, because the burden of proof is on you. If you’re unsure, get advice from your privacy officer or legal counsel before deciding not to report.

Consequences of violating HIPAA

The consequences vary, but here’s a rundown of what you might expect. 

  • Business losses – Medical record breaches cost, on average, $429 per record.
  • Financial penalties – HHS civil penalties are tiered by culpability: the statutory range runs from $100 to $50,000 per violation (adjusted for inflation each year), with an annual cap for repeated violations of the same provision, and the tier rises sharply from unknowing violations to willful neglect that goes uncorrected. Knowingly obtaining or disclosing PHI can also be prosecuted criminally, with fines of up to $250,000 and prison time at the top tier.
  • Reputation damage and lost clients – Healthcare organizations lose over 3.9 percent of their customers after a breach.
  • Further cyberattacks – If hackers think you’re an easy target, there’s a real chance they’ll target your business again. 

How to prevent a HIPAA violation

So how do you stay on the right side of HIPAA? Here are our top tips, including why it makes sense to partner with a co-managed IT service provider.

Invest in staff training 

Ensure your employees can recognize phishing and other social engineering, use strong, unique passwords for every account, and turn on multi-factor authentication wherever it is available. Training should also cover how to report something that looks wrong, because a prompt internal report is what lets you contain an incident and assess it within the notification deadlines.

Improve security

Deploy technical safeguards that match your risk analysis: endpoint protection, network intrusion detection, access controls with audit logging, and encryption of PHI both at rest and in transit. Encryption deserves particular attention: PHI encrypted in line with HHS guidance counts as “secured”, so a lost encrypted laptop or backup is generally not a reportable breach, whereas the same device unencrypted is.

Protect remote devices

If employees work remotely, make sure they access PHI only from authorized, managed devices with full-disk encryption, a screen lock and the ability to wipe the device remotely if it is lost, and never from personal laptops or phones outside your control.

Write a privacy policy

Draft a privacy policy telling people what rights they have over their information and how you protect it. If you are a covered entity, HIPAA specifically requires a Notice of Privacy Practices describing how you use and disclose PHI and how individuals can exercise their rights; make sure that notice matches what your systems actually do.

Arrange co-managed IT support

Security requirements and enforcement priorities change, and it can be difficult for an in-house team to keep pace. Consider bringing in a co-managed IT provider to support your compliance work. Remember that any provider that creates, receives, stores or transmits PHI on your behalf is a business associate under HIPAA, so put a business associate agreement (BAA) in place before they touch your data, and keep in mind that outsourcing the work does not outsource the responsibility.


HIPAA violations can seriously damage your reputation and long-term viability. The good news? Co-managed IT services can provide critical compliance support, which is one less thing for your internal IT staff to worry about. So, for more information on HIPAA compliance and how co-managed IT can help, contact KME today.