HIPAA Enforcement Highlights

by Larry Emmott on March 15, 2018

in Security

From HHS.gov

Since the compliance date of the Privacy Rule in April 2003, OCR has received over 173,426 HIPAA complaints and has initiated over 871 compliance reviews. We have resolved ninety-seven percent of these cases (168,780).

…To date, OCR has settled or imposed a civil money penalty in 53 cases resulting in a total dollar amount of $75,229,182.00. OCR has investigated complaints against many different types of entities including: national pharmacy chains, major medical centers, group health plans, hospital chains, and small provider offices.

Source: Enforcement Highlights – Current | HHS.gov

Read that second bit: 53 cases resulting in over $75 million in fines. If you do the math, the average fine is $1,419,418. The fines are intended to be punitive – and they are.

The chances of being investigated and fined are low. However, if you are, your liability insurance will not cover you, and the cost can be devastating. What would happen to you and your practice if you were fined $700,000, just 1/2 the average?

The article also states that 105,971 or 61% of the complaints were dismissed. Having a complaint dismissed with no fine is nice, but the cost of compliance can still be considerable, about $40,000 on average.

To protect yourself, start with basic compliance. Encrypt all your practice data or PHI. Do not engage in small noncompliant practices, such as e-mailing x-rays, that could trigger an investigation.
