Now, we also have common HIPAA violations by employees. When it comes to patient health information, these violations include removing PHI from the office, leaving PHI unattended, not signing out of or locking electronic devices, emailing any ePHI to your personal email, or emailing ePHI via unencrypted or non-HIPAA-compliant email addresses.
The next section covers the release of PHI to an unauthorized individual. These violations include having no authorization on file for the release, releasing PHI for purposes other than treatment, payment, or healthcare operations, relying on an authorization that you obtained previously but that has since expired, or releasing PHI when the types of PHI to be disclosed were not specified.
The third section covers a lack of training and education. Within this, we have an employee who is unaware of minimum necessary standards, an employee who is unaware of policies and procedures, or an employee who is unaware of HIPAA and the consequences of HIPAA violations.