Facts You Need to Know About HIPAA
Falling out of compliance with the Health Insurance Portability and Accountability Act (HIPAA) can devastate a healthcare company’s bottom line. HIPAA is a set of patient privacy regulations that became law in 1996, after health records became computerized and more vulnerable to cyber-attack and theft.
Healthcare organizations must stay within compliance when managing patients’ electronic protected health information (ePHI) or risk incurring major costs. According to the Department of Health and Human Services, healthcare companies accrued over $19 million in HIPAA violation fines during 2017. Hospitals and medical networks are on track to pay fines in the tens of millions once again, with $8 million in fines recorded for 2018 so far.
Because of the threat of cyber-attacks, the risk to patient health information, and the prospect of massive fines, health organizations, large and small, must invest time and resources to ensure they are acting within the regulations. This article covers five facts you need to know about the importance of HIPAA compliance.
Health organizations are responsible for the theft
It might not sound fair, but health organizations can be fined for falling victim to theft or a cybersecurity breach. Theft of ePHI through lost or stolen laptops, desktops, smartphones, and other devices that contain patient information can result in HIPAA fines. Mobile devices are the most vulnerable to theft because of their size, so the necessary safeguards should be put in place. The following security measures are a start:
- Password-protected authorization
- Encrypted files
- Two-factor authentication
- Remote data deletion protocols
Social situations can put patient information at risk
Employees gossiping about patients to friends or coworkers is also a HIPAA violation that can cost a practice a significant fine. Employees must be mindful of their environment, restrict conversations about patients to private places, and avoid sharing any patient information with friends and family.
Furthermore, an accidental breach of patient information in a social situation is quite common, especially in smaller rural areas. Most patients are not aware of HIPAA laws and may make an innocent inquiry to the healthcare provider or clinician in a social setting about a friend who is a patient. Since these inquiries will happen, it is best to have an appropriate response planned well in advance to reduce the chance of accidentally releasing private patient information.
HIPAA fines are tiered according to culpability
HIPAA fines scale according to how much the healthcare organization knew before the information was mishandled.
- The covered entity or individual did not know (and by exercising reasonable diligence would not have known) that the act was a HIPAA violation: $100-$50,000 for each violation, up to a maximum of $1.5 million for identical provisions during a calendar year.
- The HIPAA violation had a reasonable cause and was not due to willful neglect: $1,000-$50,000 for each violation, up to a maximum of $1.5 million for identical provisions during a calendar year.
- The HIPAA violation was due to willful neglect, but the violation was corrected within the required time: $10,000-$50,000 for each violation, up to a maximum of $1.5 million for identical provisions during a calendar year.
- The HIPAA violation was due to willful neglect and was not corrected: $50,000 or more for each violation, up to a maximum of $1.5 million for identical provisions during a calendar year.
Beyond fines and the exposure of confidential information, neglecting HIPAA training can result in jail time as well. If you have more questions about training and maintaining HIPAA compliance, reach out to TCOR today.
It is our job to help you identify the areas that are most vulnerable to loss. We help you design an effective program to manage your total cost of risk (TCOR). This Risk Control Plan™ helps minimize your exposures and protect your way of life. We’ll help you design a plan that suits your needs and offers you the best protection.