As a small or medium-sized business, you are probably used to dealing with tech issues on a regular basis. Security issues, support issues, and even mundane printer problems can tie up your workflow. If you are a medical or dental practice, however, tech issues carry consequences beyond downtime and lost productivity: a failure that violates the privacy and security requirements of HIPAA can be a serious compliance breach. Let's take a closer look at what compliance involves.
HIPAA is the acronym for the Health Insurance Portability and Accountability Act, passed by Congress in 1996. The act provides the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs; reduces health care fraud and abuse; mandates industry-wide standards for electronic billing and other health care information processes; and requires the protection and confidential handling of protected health information.
It's that last part, safeguarding patient information both physically and electronically, that can get businesses in trouble. Failure to comply with HIPAA regulations can result in substantial fines, and criminal charges or civil lawsuits can follow if a breach of ePHI occurs. ePHI means electronic Protected Health Information, which most medical and dental practices now keep instead of paper files. Electronic records allow for ease of use, better productivity, and the ability to easily confer with specialists on a patient's file, provided the patient has given permission.
If a practice does not put proper technical safeguards in place to protect patient information while it is being accessed, stored, and transmitted, that is a compliance violation. Penalties are tiered by the level of culpability, with a monetary range attached to each tier.
The First Tier
At this level, the covered entity did not know, and by exercising reasonable diligence would not have known, about the violation. This carries a fine of $100 to $50,000 per violation, up to a $1.5 million annual cap for violations of the same provision.
The Second Tier
The covered entity knew, or by exercising due diligence would have known, of the violation, but did not act with willful neglect (this is known as "reasonable cause"). The fine at this level is $1,000 to $50,000 per violation, up to the $1.5 million annual cap.
The Third Tier
The covered entity acted with willful neglect but corrected the problem within 30 days. The fine at this level is $10,000 to $50,000 per violation, up to the $1.5 million annual cap.
The Fourth Tier
The covered entity acted with willful neglect and failed to correct the problem within 30 days. The fine at this level starts at $50,000 per violation, up to the $1.5 million annual cap.
These fines are only the regulatory consequence of non-compliance. Add to them the settlements of civil lawsuits and, in the most serious cases, the jail time that can follow a breach. Here is a quick outline of all the settlements in the last year.