Another area where organizations often violate HIPAA is data management in healthcare, specifically the disposal of data and the data backup and disaster recovery plans.
The improper disposal of ePHI and other health data is a common mistake that leaves healthcare organizations noncompliant with HIPAA, and it is the last of our common HIPAA violation examples.
"When an organization disposes of electronic media which may contain ePHI, it must implement policies and procedures to ensure that proper and secure disposal processes are used," OCR said.
Furthermore, healthcare organizations often make the mistake of not backing up their data sufficiently or of not creating a robust contingency plan.
"Organizations must ensure that adequate contingency plans (including data backup and disaster recovery plans) are in place and would be effective when implemented in the event of an actual disaster or emergency situation," OCR said.
While data management tactics in healthcare, such as data backups and a disaster recovery plan, help healthcare organizations remain HIPAA compliant, they also help an organization recover from a ransomware attack, since affected systems can be restored from backups.