Risks of Non-Compliance
Recent changes to the HIPAA Privacy and Security Rules are significant and will have a major impact on healthcare providers as well as on entities that were previously outside HIPAA's reach (“non-covered entities”). Although the changes are wide-ranging and include expanded individual rights, this document focuses on summarizing the changes involving enforcement.
The new enforcement provisions make clear that a compliance strategy built on technology “quick fixes” will not satisfy the new regulatory requirements.
Organizations subject to HIPAA must become proactive in their compliance efforts and recognize that “voluntary compliance” no longer describes the regulatory environment. Achieving and maintaining compliance now requires specific, documented business-process and technology efforts.
Non-compliance with HIPAA carries risks of FINES, JAIL and LAWSUITS that can fall on individuals as well as on corporate entities.
RISKS FOR NONCOMPLIANCE
- The new rules mandate periodic audits of organizations subject to HIPAA.
- The new rules give the Attorney General of every State the ability to sue (bring a civil action) in federal district court, on behalf of the State's residents, against “any person” who violates HIPAA. The rules provide for statutory damages, and State AGs may retain private law firms to help carry out their obligations under this section.
- The new rules clarify what constitutes a “wrongful disclosure” and make it a criminal offense to violate the Privacy Rule's authorization requirements.
- The new rules significantly increase civil money penalties and eliminate previous defenses to non-compliance. For example, a tiered penalty structure allows fines to be levied even against “persons” who did not know they were required to comply, up to $25,000.00 per calendar year for one “identical violation.” In other words, penalties for a specific violation of an “identical requirement or prohibition” may not exceed $25,000.00 in a calendar year for this tier.
- Fines for willful neglect of HIPAA requirements range from $10,000.00 per violation to $50,000.00 per violation, with an annual cap of $1.5 million per calendar year for one “identical violation” where the willful neglect is not corrected. In other words, penalties for a specific violation of an “identical requirement or prohibition” may not exceed $1.5 million in a calendar year.
- The rules allow the Office for Civil Rights within the federal Department of Health and Human Services to continue using “corrective action plans” to enforce HIPAA.
MITIGATION STEPS
If a security breach or data loss involving PHI occurs, HIPAA requires that specific steps be taken to address the incident and that those actions be documented. The mitigation process is a critical step in responding to breaches.
©HIPAA Solutions, LC 2010