Why all the fuss about HIPAA
Well, for two key reasons.

First, if the Office for Civil Rights (OCR) finds an organization to be in violation, the following actions may take place:
Voluntary compliance;
Corrective action; and/or
Resolution agreement.
Second, there are monetary penalties associated with HIPAA violations, and the penalty amounts were raised considerably last year as part of the HIPAA Omnibus Rule included in the HITECH Act. Before these new rules, the fine associated with each HIPAA violation was capped at $25,000. This cap is now $1.5 million per violation.
| Violation Category - Section 1176(a)(1) | Each Violation | All such violations of an identical provision in a calendar year |
|---|---|---|
| A. Did not know | $100-$50,000 | $1,500,000 |
| B. Reasonable Cause | $1,000-$50,000 | $1,500,000 |
| C.i. Willful Neglect - Corrected | $10,000-$50,000 | $1,500,000 |
| C.ii. Willful Neglect - Not Corrected | $50,000 | $1,500,000 |
In certain extreme HIPAA cases, individuals can be exposed to criminal risk as well. When criminal action is involved with HIPAA, the OCR hands the case off to the Department of Justice. Individuals are at risk of criminal enforcement and penalties if they “knowingly” obtain, disclose, or use PHI “in violation” of HIPAA rules. You can read a very detailed legal opinion on what separates criminal from civil liability in the case of HIPAA. There is a lengthy discussion of the terms “knowingly” and “in violation” in that document, which is why we put them in quotes.