Docstoc

Implications of HIPAA Non-Compliance

Document Sample
Implications of HIPAA Non-Compliance Powered By Docstoc
					                                  Implications of HIPAA Non-Compliance

To protect patient health information (PHI) from access by unauthorized entities, The Health Information
Portability and Accountability Act (HIPAA) was enacted. With the advancement in technology, patient data has
now become extensively digitized. Hence, it has become important to safeguard the privacy of patient health
information. All medical providers have to adhere to the data protection regulation if they fit the definition of a
covered entity.

"Covered entity" under the HIPAA Privacy Rule, include health plans, health care clearinghouses, and health care
providers that transmit health information electronically. Covered entities under the HIPAA Privacy Rule must
comply with the Rule's requirements for safeguarding the privacy of protected health information.

Hence, HIPAA compliance is a necessity in today’s environment as non-compliance brings risks of fines, prison, &
lawsuits that can impact either individuals or corporate entities. As part of the HIPAA Act, the federal government
has established a tiered civil penalty structure for HIPAA violations, the details of which are given below.

         If the individual did not know (and by exercising reasonable diligence would not have known) that he/she
         violated HIPAA, then the individual faces a minimum penalty of $100 per violation, with an annual
         maximum of $25,000 for repeat violations and a maximum penalty of $50,000 per violation, with an
         annual maximum of $1.5 million.
         If the HIPAA violation is due to reasonable cause and not due to willful neglect then the individual faces a
         minimum penalty of $1,000 per violation, with an annual maximum of $100,000 for repeat violations and
         a maximum penalty of $50,000 per violation, with an annual maximum of $1.5 million.
         If the HIPAA violation is due to willful neglect and if the violation is corrected within the stipulated time
         period then the individual faces a minimum penalty of $10,000 per violation, with an annual maximum of
         $250,000 for repeat violations and a maximum penalty of $50,000 per violation, with an annual maximum
         of $1.5 million.
         If the HIPAA violation is due to willful neglect and is not corrected then the individual faces a minimum
         penalty of $50,000 per violation, with an annual maximum of $1.5 million and a maximum penalty of
         $50,000 per violation, with an annual maximum of $1.5 million.

Apart from penalties, the individual also faces imprisonment that can range from one year to five years in prison.

In such circumstances, medical practitioners and health care providers need to take all possible measures to
ensure HIPAA compliance. And the most possible means to ensure compliance with HIPAA and HITECH Acts is by
deploying an automated compliance management solution to spot errors in processes or systems and to prevent
small problems escalating into large ones. Thus with such a solution, healthcare organizations can ensure
implementation of appropriate controls and safeguards to prevent unauthorized access and disclosure of sensitive
patient data.

Read more on - IT compliance and security, vendor management, threat management solutions

				
DOCUMENT INFO
Description: To protect patient health information (PHI) from access by unauthorized entities, The Health Information Portability and Accountability Act (HIPAA) was enacted. With the advancement in technology, patient data has now become extensively digitized.Hence, it has become important to safeguard the privacy of patient health information.