HIPAA Enforcement Highlights


Since the compliance date of the Privacy Rule in April 2003, OCR has received over 173,426 HIPAA complaints and has initiated over 871 compliance reviews. We have resolved ninety-seven percent of these cases (168,780).

…To date, OCR has settled or imposed a civil money penalty in 53 cases resulting in a total dollar amount of $75,229,182.00. OCR has investigated complaints against many different types of entities including: national pharmacy chains, major medical centers, group health plans, hospital chains, and small provider offices.

Source: Enforcement Highlights – Current

Read that second bit: 53 cases resulting in over $75 million in fines. If you do the math, the average fine is $1,419,418. The fines are intended to be punitive – and they are.

The chances of being investigated and fined are low. However, if you are, your liability insurance will not cover you and the cost can be devastating. What would happen to you and your practice if you were fined $700,000, just 1/2 the average?

The article also states that 105,971, or 61%, of the complaints were dismissed. Having a complaint dismissed with no fine is nice, but the cost of compliance can still be considerable, about $40,000 on average.

To protect yourself, start with basic compliance. Encrypt all your practice data or PHI. Do not engage in small noncompliant practices, such as e-mailing x-rays, that could trigger an investigation.
