{"id":7139,"date":"2025-06-29T15:56:59","date_gmt":"2025-06-29T15:56:59","guid":{"rendered":"https:\/\/brightsquid.com\/us\/?p=7139"},"modified":"2025-07-07T09:58:52","modified_gmt":"2025-07-07T09:58:52","slug":"10-examples-of-hipaa-violations-how-to-prevent-them","status":"publish","type":"post","link":"https:\/\/brightsquid.com\/us\/10-examples-of-hipaa-violations-how-to-prevent-them\/","title":{"rendered":"10 Common HIPAA Violations and How to Prevent Them"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"7139\" class=\"elementor elementor-7139\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-ed03190 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"ed03190\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-b4b61a7\" data-id=\"b4b61a7\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-05947e5 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"05947e5\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-bb4711b\" data-id=\"bb4711b\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-14dc9ee elementor-widget elementor-widget-image\" data-id=\"14dc9ee\" data-element_type=\"widget\" 
data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"1920\" height=\"600\" src=\"https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2025\/06\/examples-of-hipaa-violations-banner.jpg\" class=\"attachment-full size-full wp-image-7141\" alt=\"\" srcset=\"https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2025\/06\/examples-of-hipaa-violations-banner.jpg 1920w, https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2025\/06\/examples-of-hipaa-violations-banner-300x94.jpg 300w, https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2025\/06\/examples-of-hipaa-violations-banner-1024x320.jpg 1024w, https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2025\/06\/examples-of-hipaa-violations-banner-768x240.jpg 768w, https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2025\/06\/examples-of-hipaa-violations-banner-1536x480.jpg 1536w, https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2025\/06\/examples-of-hipaa-violations-banner-650x203.jpg 650w\" sizes=\"(max-width: 1920px) 100vw, 1920px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-1bcb3fc elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"1bcb3fc\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-0503b61\" data-id=\"0503b61\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element 
elementor-element-8173ad8 elementor-widget elementor-widget-text-editor\" data-id=\"8173ad8\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>When the Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996, the goal was to create a framework that would help protect sensitive patient health information (PHI) from being misused by healthcare organizations, insurance providers and allied healthcare service providers. Over the years, HIPAA has dramatically improved the baseline level of PHI security in the United States with the help of the Office for Civil Rights (OCR), which constantly monitors for HIPAA violations and levies heavy penalties for HIPAA breaches by employers.<\/p><p>In this article, we will take a closer look at the 10 most common types of HIPAA violations, both intentional and unintentional, real-world examples of HIPAA violations by employers over the last two decades, and steps that can be taken to prevent them from happening at your healthcare clinic or business.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-30a000d elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"30a000d\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-21fbd44\" data-id=\"21fbd44\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-84e42bb elementor-widget elementor-widget-text-editor\" data-id=\"84e42bb\" data-element_type=\"widget\" 
data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2><b>What Is a HIPAA Violation?<br \/><\/b><\/h2><p><span style=\"font-weight: 400;\">Before we begin, let\u2019s understand how the OCR and the Department of Health and Human Services (HHS) define a HIPAA violation.\u00a0<\/span><\/p><p><b>A HIPAA violation is any action (or inaction) that puts a patient\u2019s protected health information at risk or fails to comply with the HIPAA privacy, security, or breach reporting standards.<\/b><\/p><p><span style=\"font-weight: 400;\">It occurs when a covered entity or its business associate fails to comply with any of the HIPAA rules. The organization responsible for the violation is charged with HIPAA breach penalties depending on the impact and nature of the breach.<\/span><\/p><h2><b>Why HIPAA Violations Still Happen in 2025<\/b><\/h2><p><span style=\"font-weight: 400;\">Since HIPAA was enacted in 1996, the OCR has received over 300,000 complaints of HIPAA rule violations and has collected more than $165 million in penalties and settlements. Over the years, healthcare organizations and businesses have become more aware of and sensitised to the proper ways of handling patient health information. Needless to say, HIPAA has definitely improved healthcare data protection and management practices in the US.\u00a0<\/span><\/p><p><span style=\"font-weight: 400;\">But despite these improvements, breaches continue to happen, especially with the advent of digitization and the rise of cyberattacks. 
According to the HHS, the OCR reported 588 healthcare data breaches in 2024 alone, impacting nearly 180 million individuals.\u00a0<\/span><\/p><p><span style=\"font-weight: 400;\">The cost of these breaches continues to rise, with IBM\u2019s 2024 Cost of a Data Breach report revealing that healthcare has held the highest data breach costs across all industries since 2011, averaging a staggering $10.93 million per incident.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b052bf8 elementor-widget elementor-widget-image\" data-id=\"b052bf8\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"1000\" height=\"313\" src=\"https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2025\/06\/cost-of-data-breach-industry-1024x320.png\" class=\"attachment-large size-large wp-image-7140\" alt=\"\" srcset=\"https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2025\/06\/cost-of-data-breach-industry-1024x320.png 1024w, https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2025\/06\/cost-of-data-breach-industry-300x94.png 300w, https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2025\/06\/cost-of-data-breach-industry-768x240.png 768w, https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2025\/06\/cost-of-data-breach-industry-1536x480.png 1536w, https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2025\/06\/cost-of-data-breach-industry-650x203.png 650w, https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2025\/06\/cost-of-data-breach-industry.png 1920w\" sizes=\"(max-width: 1000px) 100vw, 1000px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-ac9689f 
elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"ac9689f\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-6c4bd11\" data-id=\"6c4bd11\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4cf74ff elementor-widget elementor-widget-text-editor\" data-id=\"4cf74ff\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><em><span style=\"font-weight: 400;\">Image source: <\/span><a href=\"https:\/\/www.ibm.com\/reports\/data-breach\" target=\"blank\"><span style=\"font-weight: 400;\">IBM\u00a0<\/span><\/a><\/em><\/p><p><span style=\"font-weight: 400;\">The IBM report and other statistics point towards the need for increasing awareness among covered entities and business associates as to what constitutes a HIPAA violation and its significance and impact, so that they may take the necessary steps to prevent them and avoid heavy HIPAA breach penalties.<\/span><\/p><p><span style=\"font-weight: 400;\">Below, we list the 10 most common HIPAA Violations in the US and discuss some real-world cases associated with each.<\/span><\/p><h2 style=\"font-size: 40px;\"><b>HIPAA Violation #1 \u2013 Unauthorized Access to PHI<\/b><\/h2><p><span style=\"font-weight: 400;\">The most common type of HIPAA violation reported is the unauthorized access of PHI by employees at healthcare facilities. 
This happens either when an authorized employee is given access to more patient data than what is necessary to offer the required service, or when PHI access is given to employees who are not directly involved in the care service.\u00a0<\/span><\/p><p><span style=\"font-weight: 400;\">While the former is a clear violation of the HIPAA Privacy Rule\u2019s Minimum Necessary Standard, the latter violates both the HIPAA Privacy and Security Rules.<\/span><\/p><p><span style=\"font-weight: 400;\">One of the most famous examples of this HIPAA violation is the<\/span><a href=\"https:\/\/www.healthcareitnews.com\/news\/kardashian-hipaa-breach-catastrophe\" target=\"blank\"><span style=\"font-weight: 400;\"> Cedars-Sinai Medical Centre breach of 2013.<\/span><\/a><span style=\"font-weight: 400;\"> The hospital fired six of its employees for inappropriately snooping into medical records of celebrity patients, including Kim Kardashian, and faced a $95,000 HIPAA fine.\u00a0<\/span><\/p><p><span style=\"font-weight: 400;\">In this particular case, the nature of the HIPAA violation by the employees was intentional. 
However, the hospital was responsible for ensuring that PHI access was given only to staff members directly involved in the case, and that physical and technical safeguards were in place to protect against unauthorized access.<\/span><\/p><h3 style=\"font-size: 30px;\"><b>How to Prevent<\/b><\/h3><p><span style=\"font-weight: 400;\">Here\u2019s how hospitals can prevent unauthorized access to PHI and avoid such HIPAA violations.<\/span><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Implement role-based access control that clearly defines, for each role, which employees are authorized and what PHI they may manage.<\/span><\/li><\/ul><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Maintain audit logs and enable system monitoring to closely track employee activities and logins.<\/span><\/li><\/ul><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Conduct HIPAA Compliance training for employees on the &#8220;minimum necessary rule.&#8221;<\/span><\/li><\/ul><h2 style=\"font-size: 40px;\"><b>HIPAA Violation #2 \u2013 Lack of Risk Analysis and Assessment<\/b><\/h2><p><span style=\"font-weight: 400;\">After unauthorized PHI access, the next most common type of HIPAA violation reported is the failure to conduct regular risk assessments. The HIPAA Security Rule mandates that all covered entities perform risk analysis and audits on a regular basis to identify any lapses or gaps in security or privacy. 
However, most healthcare organizations and businesses often overlook this procedure until, of course, a breach happens.<\/span><\/p><p><span style=\"font-weight: 400;\">In February 2024,<\/span><a href=\"https:\/\/www.hhs.gov\/hipaa\/for-professionals\/compliance-enforcement\/examples\/all-cases\/index.html\" target=\"blank\"><span style=\"font-weight: 400;\"> a data breach at the Montefiore Medical Center<\/span><\/a><span style=\"font-weight: 400;\"> impacted over 12,000 patients. An investigation by the OCR revealed failure to conduct risk analysis and lack of adequate security procedures as reasons for the breach. This violation cost the hospital a fine of $4.75 million in addition to the loss of patient trust.<\/span><\/p><h3 style=\"font-size: 30px;\"><b>How to Prevent<\/b><\/h3><p><span style=\"font-weight: 400;\">All covered entities and business associates must strictly perform risk analysis and assessments on a regular basis. It is also a good idea to conduct external security audits. At the end of these assessments, healthcare organizations must also act on rectifying identified gaps in security. For more information, refer to the <\/span><a href=\"https:\/\/www.hhs.gov\/hipaa\/for-professionals\/security\/guidance\/guidance-risk-analysis\/index.html\" target=\"blank\"><span style=\"font-weight: 400;\">HHS Risk Analysis Guidance document<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p><h2 style=\"font-size: 40px;\"><b>HIPAA Violation #3 \u2013 Mishandling of PHI Disposal<\/b><\/h2><p><span style=\"font-weight: 400;\">HIPAA Compliance does not end at PHI collection, storage, and management. Proper deletion of patient information or disposal of devices that hold it is equally important. 
Despite strict HIPAA regulations, many clinics, hospitals, and business associates still underestimate the risks associated with mishandling physical records and electronic devices that contain sensitive patient data.\u00a0<\/span><\/p><p><span style=\"font-weight: 400;\">When documents, unencrypted hard drives, laptops and mobile devices, or medical labels are discarded improperly, organizations risk unauthorized access to PHI such as Social Security numbers, diagnosis codes, and insurance details that can be misused. This is a clear violation of the HIPAA Security Rule &#8211; Physical and Technical safeguards.<\/span><\/p><p><span style=\"font-weight: 400;\">An example of this HIPAA violation is the <\/span><a href=\"https:\/\/www.techtarget.com\/healthtechsecurity\/news\/366594674\/OCR-Settles-Improper-PHI-Disposal-Case-Resolves-Potential-HIPAA-Violation\" target=\"blank\"><span style=\"font-weight: 400;\">New England Dermatology and Laser Center (NEDLC) incident of 2021.<\/span><\/a><span style=\"font-weight: 400;\"> The Massachusetts-based practice had been disposing of \u201cspecimen containers with an attached label that contained PHI as regular waste, bagged and placed in an exterior dumpster accessible via the parking lot, without alteration to the PHI containing label,\u201d the OCR stated, imposing a HIPAA fine of $300,640.<\/span><\/p><h3 style=\"font-size: 30px;\"><b> How to Prevent<\/b><\/h3><p><span style=\"font-weight: 400;\">Here are some steps to ensure that your healthcare organization does not violate the PHI disposal provisions within HIPAA.<\/span><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Ensure all physical documents containing PHI, like lab reports, patient charts, and medical labels, are shredded before disposal.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">All old hard drives containing PHI must be securely wiped before 
disposal.<\/span><\/li><\/ul><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">It is best to use HIPAA-certified disposal vendors.<\/span><\/li><\/ul><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Conduct HIPAA Compliance training for staff on proper PHI disposal and policies.<\/span><\/li><\/ul><h2 style=\"font-size: 40px;\"><b>HIPAA Violation #4 \u2013 Lost or Stolen Devices Without Encryption<\/b><\/h2><p><span style=\"font-weight: 400;\">Unencrypted mobile devices, laptops, or USB drives pose significant risks under HIPAA rules. Encryption of technology that handles PHI is mandatory for HIPAA compliance, and failure to do so makes it a violation of the HIPAA Security Rule. When lost or stolen, these unencrypted devices can leave PHI susceptible to misuse.<\/span><\/p><p><span style=\"font-weight: 400;\">In 2021, <\/span><a href=\"https:\/\/www.upguard.com\/blog\/worst-hipaa-violation-cases\" target=\"blank\"><span style=\"font-weight: 400;\">CardioNet, a cardiac monitoring service provider, faced a $2.5 million penalty <\/span><\/a><span style=\"font-weight: 400;\">after an employee&#8217;s unencrypted laptop containing the PHI of over 1,300 patients was stolen from a parked car. The wireless health service provider did not have any policies for the physical protection of its mobile devices, and had not implemented any encryption to secure ePHI.\u00a0<\/span><\/p><h3 style=\"font-size: 30px;\"><b> How to Prevent<\/b><\/h3><p><span style=\"font-weight: 400;\">Strict adherence to the HIPAA Security Rule is the only way to prevent such violations. 
According to the Rule\u2019s Physical Safeguards,<\/span><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">All devices that contain PHI and ePHI must be secured and encrypted\u00a0<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Covered entities and businesses must have remote access wiping tools that allow for the secure disposal of ePHI<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Mobile device management (MDM) systems are recommended for organizations that rely heavily on mobile devices for care services<\/span><\/li><\/ul><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Employees must be trained on the importance of keeping devices safe<\/span><\/li><\/ul><h2 style=\"font-size: 40px;\"><b>HIPAA Violation #5 \u2013 Failure to Enter Business Associate Agreements (BAAs)<\/b><\/h2><p><span style=\"font-weight: 400;\">A Business Associate Agreement (BAA) is a legally required contract between a covered entity and a business associate. As third parties that handle PHI on behalf of the covered entity, business associates like billing companies, cloud service providers, etc., must not handle PHI or ePHI without a properly executed BAA signed by both parties.<\/span><\/p><p><span style=\"font-weight: 400;\">Unfortunately, this clause under the HIPAA Privacy Rule is often overlooked, either due to ignorance or lack of knowledge of vendor qualification procedures. This type of HIPAA violation can have a huge impact on patient data security and can attract huge fines from the OCR.<\/span><\/p><p><span style=\"font-weight: 400;\">Without a valid BAA, covered entities like hospitals and clinics become completely liable for any HIPAA violation caused by the vendor. 
The<\/span><a href=\"https:\/\/compliancy-group.com\/750000-hipaa-settlement-north-carolina-lack-business-associate-agreements\/\" target=\"blank\"><span style=\"font-weight: 400;\"> Raleigh Orthopaedic Clinic breach incident<\/span><\/a><span style=\"font-weight: 400;\"> is a case in point.<\/span><\/p><p><span style=\"font-weight: 400;\">The North Carolina-based healthcare provider had disclosed x-rays and associated PHI of 17,300 patients to an organization that was hired to digitize the images, without entering a BAA. This act led to a data breach in 2013, which was investigated by the OCR and cost the clinic $750,000 in HIPAA settlement.<\/span><\/p><h3 style=\"font-size: 30px;\"><b>How to Prevent<\/b><\/h3><p><span style=\"font-weight: 400;\">When dealing with business associates, healthcare providers and other covered entities must ensure the following to stay compliant and steer clear of such violations.<\/span><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Ensure all vendors with access to PHI sign a BAA<\/span><\/li><\/ul><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Maintain an updated vendor risk register<\/span><\/li><\/ul><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Conduct vendor due diligence and audits<\/span><\/li><\/ul><p><span style=\"font-weight: 400;\">Read more about the HHS provisions for BAA <\/span><a href=\"https:\/\/www.hhs.gov\/hipaa\/for-professionals\/covered-entities\/sample-business-associate-agreement-provisions\/index.html\" target=\"blank\"><span style=\"font-weight: 400;\">here<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p><h2 style=\"font-size: 40px;\"><b>HIPAA Violation #6 \u2013 Inadequate Employee Training<\/b><\/h2><p><span style=\"font-weight: 400;\">Any organization or business that handles PHI is not fully compliant with HIPAA until all of its employees have a 
proper understanding of HIPAA rules and regulations. Covered entities and business associates that do not train their employees on the proper ways of collecting, handling, managing, storing, and disposing of PHI and ePHI risk an increased likelihood of data breaches. Even the most advanced security systems can&#8217;t protect PHI if the people using them aren&#8217;t trained to do so.<\/span><\/p><p><span style=\"font-weight: 400;\">Lack of employee training is often cited as a root cause in enforcement actions. Employees without proper HIPAA Compliance training are more likely to click on phishing links, mishandle printed records, lose unencrypted devices, or share PHI through unsecured channels.\u00a0<\/span><\/p><h3 style=\"font-size: 30px;\"><b>How to Prevent<\/b><\/h3><p><span style=\"font-weight: 400;\">Healthcare organizations and businesses need to conduct regular <\/span><a href=\"https:\/\/brightsquid.com\/us\/hipaa-breach-prevention-training\/\"><span style=\"font-weight: 400;\">HIPAA Compliance training<\/span><\/a><span style=\"font-weight: 400;\"> for their employees. These training sessions must be made mandatory while onboarding new employees. They must also encourage existing employees to take refresher courses on an annual basis so that they stay updated on the latest HIPAA rules and regulations.<\/span><\/p><p><span style=\"font-weight: 400;\">To make this training effective, organizations can:<\/span><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Customize training based on employee roles and responsibilities.<\/span><\/li><\/ul><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Maintain detailed training records that include dates, modules completed, and quiz results. 
These can be used during audits or OCR investigations to demonstrate compliance.<\/span><\/li><\/ul><h2 style=\"font-size: 40px;\"><b>HIPAA Violation #7 \u2013 Delay in HIPAA Breach Notification<\/b><\/h2><p><span style=\"font-weight: 400;\">According to the HIPAA Breach Notification Rule, failure to notify the OCR or the HHS about a breach within the stipulated time is a HIPAA violation on its own. This category of violation is more common than one would expect, and happens both intentionally (to cover the breach incident) and unintentionally (due to lack of knowledge about notification timelines or magnitude of breach impact).<\/span><\/p><p><span style=\"font-weight: 400;\">Under the rule, covered entities and business associates are legally required to notify affected individuals, the HHS, and in some cases the media within 60 days of discovering a breach involving unsecured PHI. The OCR penalises this violation aggressively because not only does it constitute non-compliance, but it also delays necessary actions that could mitigate harm for patients affected by the breach.<\/span><\/p><p><span style=\"font-weight: 400;\">In February 2024, Change Healthcare, a subsidiary of UnitedHealth Group, suffered a <\/span><a href=\"https:\/\/www.reuters.com\/technology\/cybersecurity\/unitedhealth-issues-breach-notification-change-healthcare-hack-2024-06-20\/\" target=\"blank\"><span style=\"font-weight: 400;\">massive ransomware attack that compromised a vast amount of patient data<\/span><\/a><span style=\"font-weight: 400;\">, reportedly impacting one-third of the US population. 
While the breach occurred in February, notifications to affected individuals didn&#8217;t begin until late July, well past the 60-day deadline mandated by HIPAA.<\/span><\/p><p><span style=\"font-weight: 400;\">This delay sparked widespread criticism and concern, as it may have prevented patients from taking timely protective measures such as identity theft monitoring or securing their financial accounts.<\/span><\/p><h3 style=\"font-size: 30px;\"><b> How to Prevent<\/b><\/h3><p><span style=\"font-weight: 400;\">Failure to report a breach promptly is often caused by a lack of preparedness or unclear internal protocols, or even a lack of understanding of reporting timelines. Here\u2019s how organizations can avoid this common misstep:<\/span><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Establish a clear breach response policy and protocols that outline breach identification, accountability, and communication channels for escalations.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Conduct HIPAA breach response and notification training for compliance officers and IT staff.\u00a0<\/span><\/li><\/ul><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Use HIPAA-compliant incident management tools that detect and log potential breaches in real time.<\/span><\/li><\/ul><h2 style=\"font-size: 40px;\"><b>HIPAA Violation #8 \u2013 Sharing PHI via Unsecured Communication Channels<\/b><\/h2><p><span style=\"font-weight: 400;\">Using unsecured communication channels to share ePHI is a very common yet easily preventable HIPAA violation. 
This violation includes using personal email accounts, SMS\/text messages, or unencrypted messaging platforms like WhatsApp or standard email clients to send sensitive patient data.<\/span><\/p><p><span style=\"font-weight: 400;\">This act is in direct violation of the HIPAA Security Rule, which mandates the use of protected and encrypted communication channels for sharing ePHI.\u00a0<\/span><\/p><p><span style=\"font-weight: 400;\">An example of such a violation is the <\/span><a href=\"https:\/\/www.kazlg.com\/american-medical-technologies-data-breach\/\" target=\"blank\"><span style=\"font-weight: 400;\">American Medical Technologies (AMT) Data Breach of 2019<\/span><\/a><span style=\"font-weight: 400;\">. The AMT data breach impacted over 47,000 patients and exposed data including their names, medical record numbers, Social Security numbers, diagnosis information, health insurance policy numbers, and other personal identifiers.<\/span><\/p><p><span style=\"font-weight: 400;\">Upon investigation, it was revealed that the supplier of medical supplies had been using an unsecured email, lacking proper encryption or access control to share PHI. This incident served as a reminder of the importance of using <\/span><a href=\"https:\/\/brightsquid.com\/us\/secure-mail\/\" target=\"blank\"><span style=\"font-weight: 400;\">HIPAA-compliant email service providers <\/span><\/a><span style=\"font-weight: 400;\">for healthcare.<\/span><\/p><h3 style=\"font-size: 30px;\"><b> How to Prevent<\/b><\/h3><p><span style=\"font-weight: 400;\">Securing communication channels should be a top priority for any organization handling PHI. 
Here&#8217;s how to proactively prevent this type of HIPAA breach:<\/span><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Implement HIPAA-compliant communication tools such as Brightsquid Secure Mail.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Ensure that patient portals are encrypted<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Block or restrict access to personal email accounts on work devices.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Disable auto-forwarding of emails that may contain PHI.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Educate employees on what constitutes ePHI and why standard email\/texting tools are not secure.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Provide step-by-step guidance on how to use secure messaging tools.<\/span><\/li><\/ul><h2 style=\"font-size: 40px;\"><b> HIPAA Violation #9 \u2013 No Patient Authorization for Disclosure<\/b><\/h2><p><span style=\"font-weight: 400;\">Another frequently overlooked HIPAA violation is the disclosure of PHI without written consent from the patient. 
Covered entities and business associates must ensure that they obtain written consent from patients before disclosing PHI, unless the disclosure is specifically permitted or required under HIPAA (such as for treatment, payment, or healthcare operations).\u00a0<\/span><\/p><p><span style=\"font-weight: 400;\">A violation under the HIPAA Privacy Rule, such disclosures can undo years of reputation building and attract heavy fines from the HHS.<\/span><\/p><p><span style=\"font-weight: 400;\">An example of such a violation can be found under the <\/span><a href=\"https:\/\/www.hhs.gov\/hipaa\/for-professionals\/compliance-enforcement\/examples\/all-cases\/index.html\" target=\"blank\"><span style=\"font-weight: 400;\">HHS case files, <\/span><\/a><span style=\"font-weight: 400;\">where an \u201cHMO impermissibly disclosed a member\u2019s entire medical record to a disability insurance company without obtaining a valid authorization. The OCR investigation revealed that the form used was not compliant with the HIPAA Privacy Rule.\u201d<\/span><\/p><h3 style=\"font-size: 30px;\"><b>How to Prevent<\/b><\/h3><p><span style=\"font-weight: 400;\">To remain compliant and protect patient privacy, healthcare organizations must treat consent documentation and authorization forms with the same level of care as clinical records. 
Here\u2019s what you can do to stay clear of such violations:<\/span><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Always obtain appropriate written authorization for non-treatment disclosures.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Use digital consent management tools that provide time-stamped consent logging and are easy to track and retrieve.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Train staff on HIPAA-compliant release forms.<\/span><\/li><\/ul><h2 style=\"font-size: 40px;\"><b>HIPAA Violation #10 \u2013 Poor Physical Safeguards<\/b><\/h2><p><span style=\"font-weight: 400;\">In a world where everything is being digitized and moved to the cloud, maintaining proper physical safeguards for PHI can sometimes be overlooked. However, this is an important part of the HIPAA Security Rule.\u00a0<\/span><\/p><p><span style=\"font-weight: 400;\">For instance, healthcare organizations must ensure that charts, files, computers, and other sources of PHI are not visible, accessible, or vulnerable to unauthorized individuals in physical environments, such as waiting rooms, administrative offices, or shared workspaces.<\/span><\/p><p><span style=\"font-weight: 400;\">A HIPAA violation occurs when organizations fail to restrict physical access to sensitive data, increasing the risk of theft, loss, or accidental disclosure.<\/span><\/p><p><span style=\"font-weight: 400;\">In one of the largest HIPAA settlements to date, <\/span><a href=\"https:\/\/www.careersinfosecurity.com\/advocate-health-hit-record-55-million-hipaa-penalty-a-9307\" target=\"blank\"><span style=\"font-weight: 400;\">Advocate Health Care Network experienced a significant data breach <\/span><\/a><span style=\"font-weight: 400;\">affecting approximately 4 million patients when their unencrypted desktop computers were stolen. 
The largest health system in Illinois had to make a massive $5.55 million settlement with the HHS, along with mandatory corrective actions.\u00a0<\/span><\/p><p><span style=\"font-weight: 400;\">The OCR investigation revealed that Advocate failed to implement appropriate physical safeguards to protect patient information. Specifically, the organization did not adequately limit physical access to the workstations, nor did it ensure the devices were secured with encryption.<\/span><\/p><h3 style=\"font-size: 30px;\"><b> How to Prevent<\/b><\/h3><p><span style=\"font-weight: 400;\">Covered entities and business associates must implement physical safeguards to ensure that their PHI remains secure. Here are some practices that might help:<\/span><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Secure workstation layouts<\/span><\/li><\/ul><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Use privacy screens on monitors<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Use electronic access systems to restrict entry to file storage rooms, server closets, administrative offices, etc.<\/span><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>When the Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996, the goal was to create a framework that would [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":7141,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[49],"class_list":["post-7139","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-brightsquid-blog","tag-hipaa"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin 
v24.1 (Yoast SEO v24.1) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>10 Common Examples of HIPAA Violations | Brightsquid Blog<\/title>\n<meta name=\"description\" content=\"This article covers the 10 most common examples of HIPAA Violations and steps you can take to prevent them.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/brightsquid.com\/us\/10-examples-of-hipaa-violations-how-to-prevent-them\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"10 Common HIPAA Violations and How to Prevent Them\" \/>\n<meta property=\"og:description\" content=\"This article covers the 10 most common examples of HIPAA Violations and steps you can take to prevent them.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/brightsquid.com\/us\/10-examples-of-hipaa-violations-how-to-prevent-them\/\" \/>\n<meta property=\"og:site_name\" content=\"Brightsquid US | Simplify Clinic Operations, Prevent Privacy Breaches\" \/>\n<meta property=\"article:published_time\" content=\"2025-06-29T15:56:59+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-07-07T09:58:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2025\/06\/examples-of-hipaa-violations-banner.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"600\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Jeff MacKay\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jeff MacKay\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"13 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/brightsquid.com\/us\/10-examples-of-hipaa-violations-how-to-prevent-them\/\",\"url\":\"https:\/\/brightsquid.com\/us\/10-examples-of-hipaa-violations-how-to-prevent-them\/\",\"name\":\"10 Common Examples of HIPAA Violations | Brightsquid Blog\",\"isPartOf\":{\"@id\":\"https:\/\/brightsquid.com\/us\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/brightsquid.com\/us\/10-examples-of-hipaa-violations-how-to-prevent-them\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/brightsquid.com\/us\/10-examples-of-hipaa-violations-how-to-prevent-them\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2025\/06\/examples-of-hipaa-violations-banner.jpg\",\"datePublished\":\"2025-06-29T15:56:59+00:00\",\"dateModified\":\"2025-07-07T09:58:52+00:00\",\"author\":{\"@id\":\"https:\/\/brightsquid.com\/us\/#\/schema\/person\/03b64025f65c46c9c533c12786f64970\"},\"description\":\"This article covers the 10 most common examples of HIPAA Violations and steps you can take to prevent 
them.\",\"breadcrumb\":{\"@id\":\"https:\/\/brightsquid.com\/us\/10-examples-of-hipaa-violations-how-to-prevent-them\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/brightsquid.com\/us\/10-examples-of-hipaa-violations-how-to-prevent-them\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/brightsquid.com\/us\/10-examples-of-hipaa-violations-how-to-prevent-them\/#primaryimage\",\"url\":\"https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2025\/06\/examples-of-hipaa-violations-banner.jpg\",\"contentUrl\":\"https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2025\/06\/examples-of-hipaa-violations-banner.jpg\",\"width\":1920,\"height\":600},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/brightsquid.com\/us\/10-examples-of-hipaa-violations-how-to-prevent-them\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/brightsquid.com\/us\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"10 Common HIPAA Violations and How to Prevent Them\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/brightsquid.com\/us\/#website\",\"url\":\"https:\/\/brightsquid.com\/us\/\",\"name\":\"Brightsquid US | Simplify Clinic Operations, Prevent Privacy Breaches\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/brightsquid.com\/us\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/brightsquid.com\/us\/#\/schema\/person\/03b64025f65c46c9c533c12786f64970\",\"name\":\"Jeff 
MacKay\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/brightsquid.com\/us\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/790e1d13d64ada71f29d7fbed1e81c84?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/790e1d13d64ada71f29d7fbed1e81c84?s=96&d=mm&r=g\",\"caption\":\"Jeff MacKay\"},\"description\":\"Jeff MacKay, Director of Marketing at Brightsquid, is an optimizer with 20+ years of doing, learning, and leading in communications and advanced business technology implementation. For nearly a decade, he has focused on operational efficiency in healthcare, helping thousands of organizations implement more effective processes while also supporting enhanced privacy compliance. A true collaborator, Jeff pushes teams to challenge the status quo, rolling up his sleeves to help implement the resulting innovations. Jeff is a regular conference speaker, student of practical privacy compliance, cybersecurity trends, and technology in healthcare.\",\"jobTitle\":\"Director of Marketing\",\"url\":\"https:\/\/brightsquid.com\/us\/author\/jeff\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"10 Common Examples of HIPAA Violations | Brightsquid Blog","description":"This article covers the 10 most common examples of HIPAA Violations and steps you can take to prevent them.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/brightsquid.com\/us\/10-examples-of-hipaa-violations-how-to-prevent-them\/","og_locale":"en_US","og_type":"article","og_title":"10 Common HIPAA Violations and How to Prevent Them","og_description":"This article covers the 10 most common examples of HIPAA Violations and steps you can take to prevent them.","og_url":"https:\/\/brightsquid.com\/us\/10-examples-of-hipaa-violations-how-to-prevent-them\/","og_site_name":"Brightsquid US | Simplify Clinic Operations, Prevent Privacy Breaches","article_published_time":"2025-06-29T15:56:59+00:00","article_modified_time":"2025-07-07T09:58:52+00:00","og_image":[{"width":1920,"height":600,"url":"https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2025\/06\/examples-of-hipaa-violations-banner.jpg","type":"image\/jpeg"}],"author":"Jeff MacKay","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Jeff MacKay","Est. 
reading time":"13 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/brightsquid.com\/us\/10-examples-of-hipaa-violations-how-to-prevent-them\/","url":"https:\/\/brightsquid.com\/us\/10-examples-of-hipaa-violations-how-to-prevent-them\/","name":"10 Common Examples of HIPAA Violations | Brightsquid Blog","isPartOf":{"@id":"https:\/\/brightsquid.com\/us\/#website"},"primaryImageOfPage":{"@id":"https:\/\/brightsquid.com\/us\/10-examples-of-hipaa-violations-how-to-prevent-them\/#primaryimage"},"image":{"@id":"https:\/\/brightsquid.com\/us\/10-examples-of-hipaa-violations-how-to-prevent-them\/#primaryimage"},"thumbnailUrl":"https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2025\/06\/examples-of-hipaa-violations-banner.jpg","datePublished":"2025-06-29T15:56:59+00:00","dateModified":"2025-07-07T09:58:52+00:00","author":{"@id":"https:\/\/brightsquid.com\/us\/#\/schema\/person\/03b64025f65c46c9c533c12786f64970"},"description":"This article covers the 10 most common examples of HIPAA Violations and steps you can take to prevent 
them.","breadcrumb":{"@id":"https:\/\/brightsquid.com\/us\/10-examples-of-hipaa-violations-how-to-prevent-them\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/brightsquid.com\/us\/10-examples-of-hipaa-violations-how-to-prevent-them\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/brightsquid.com\/us\/10-examples-of-hipaa-violations-how-to-prevent-them\/#primaryimage","url":"https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2025\/06\/examples-of-hipaa-violations-banner.jpg","contentUrl":"https:\/\/brightsquid.com\/us\/wp-content\/uploads\/sites\/2\/2025\/06\/examples-of-hipaa-violations-banner.jpg","width":1920,"height":600},{"@type":"BreadcrumbList","@id":"https:\/\/brightsquid.com\/us\/10-examples-of-hipaa-violations-how-to-prevent-them\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/brightsquid.com\/us\/"},{"@type":"ListItem","position":2,"name":"10 Common HIPAA Violations and How to Prevent Them"}]},{"@type":"WebSite","@id":"https:\/\/brightsquid.com\/us\/#website","url":"https:\/\/brightsquid.com\/us\/","name":"Brightsquid US | Simplify Clinic Operations, Prevent Privacy Breaches","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/brightsquid.com\/us\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/brightsquid.com\/us\/#\/schema\/person\/03b64025f65c46c9c533c12786f64970","name":"Jeff MacKay","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/brightsquid.com\/us\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/790e1d13d64ada71f29d7fbed1e81c84?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/790e1d13d64ada71f29d7fbed1e81c84?s=96&d=mm&r=g","caption":"Jeff 
MacKay"},"description":"Jeff MacKay, Director of Marketing at Brightsquid, is an optimizer with 20+ years of doing, learning, and leading in communications and advanced business technology implementation. For nearly a decade, he has focused on operational efficiency in healthcare, helping thousands of organizations implement more effective processes while also supporting enhanced privacy compliance. A true collaborator, Jeff pushes teams to challenge the status quo, rolling up his sleeves to help implement the resulting innovations. Jeff is a regular conference speaker, student of practical privacy compliance, cybersecurity trends, and technology in healthcare.","jobTitle":"Director of Marketing","url":"https:\/\/brightsquid.com\/us\/author\/jeff\/"}]}},"_links":{"self":[{"href":"https:\/\/brightsquid.com\/us\/wp-json\/wp\/v2\/posts\/7139"}],"collection":[{"href":"https:\/\/brightsquid.com\/us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/brightsquid.com\/us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/brightsquid.com\/us\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/brightsquid.com\/us\/wp-json\/wp\/v2\/comments?post=7139"}],"version-history":[{"count":19,"href":"https:\/\/brightsquid.com\/us\/wp-json\/wp\/v2\/posts\/7139\/revisions"}],"predecessor-version":[{"id":7160,"href":"https:\/\/brightsquid.com\/us\/wp-json\/wp\/v2\/posts\/7139\/revisions\/7160"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/brightsquid.com\/us\/wp-json\/wp\/v2\/media\/7141"}],"wp:attachment":[{"href":"https:\/\/brightsquid.com\/us\/wp-json\/wp\/v2\/media?parent=7139"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/brightsquid.com\/us\/wp-json\/wp\/v2\/categories?post=7139"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/brightsquid.com\/us\/wp-json\/wp\/v2\/tags?post=7139"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}