Even if you’ve never worked in the medical field, you’ve undoubtedly come into contact with the law known as HIPAA. You know, it’s that stack of forms you fill out when you see a new doctor or fill a prescription. Most of the time you just skim it, sign it, and move on without really reading and absorbing what it says. So, just how well do you know HIPAA, and do you know what to expect if you commit a HIPAA violation?
The History of HIPAA
The Health Insurance Portability and Accountability Act – better known as HIPAA – is a federal law enacted as part of healthcare reform. It was introduced in Congress and signed into law by then-President Bill Clinton in 1996, and it sets out rules and regulations governing healthcare and the patient information associated with it. Over the years, later rulemaking and amendments (most notably the HITECH Act of 2009) have clarified parts of the law, including the penalties for HIPAA violations and who can be held accountable under it.
Common Violations
HIPAA violations aren’t restricted to data breaches and hackers stealing information. There are many ways that companies and individuals can knowingly or unknowingly violate HIPAA. The most common violations include failing to promptly release records to patients who request them, missing patient signatures, improper disposal of patient records, employee snooping in records they have no need to see, and storing patient health information without adequate safeguards. Other violations are less obvious and can happen without the violator realizing it. For example, simply telling friends or family members about a patient you saw in the hospital violates HIPAA. Other easily overlooked violations include leaving devices that hold patient information logged in and unattended, discussing patient information in public areas, sending patient information over unsecured email, and releasing information about minors without parental consent.
The HIPAA Violation Structure and Who’s Liable
Revisions to HIPAA in 2005 and 2009 established a tiered penalty structure that defines the fines for violations and spells out who can be held liable. Companies or individuals who violate HIPAA by obtaining private health information under false pretenses face both fines and jail time. If the information is obtained with the intent to sell or transfer it, use it for commercial advantage or personal gain, or cause malicious harm, the violator can be hit with fines of up to $250,000 and up to 10 years in prison. The following is the civil penalty structure as defined by the Department of Health and Human Services:
| Violation Type | Penalty per Violation | Annual Cap for Identical Violations |
|---|---|---|
| Individual was not aware of the violation | $100 – $50,000 fine per violation | $1,500,000 max fine per year |
| Reasonable cause, not willful neglect | $1,000 – $50,000 fine per violation | $1,500,000 max fine per year |
| Willful neglect, corrected within 30 days | $10,000 – $50,000 fine per violation | $1,500,000 max fine per year |
| Willful neglect, not corrected | $50,000 fine per violation | $1,500,000 max fine per year |
It’s highly doubtful that any small or medium-sized business has that kind of money lying around to spend on government fines. The most frightening part of this penalty system, though, is the scope of who can be held responsible. Under HIPAA, health plans, healthcare clearinghouses, providers who submit claims electronically, Medicare prescription drug card sponsors, and any employee, director, or officer of a covered entity can be held liable for a violation. Individuals who did not commit the violation themselves can still be charged with conspiracy or with aiding and abetting the person who did!
What Can You Do?
Luckily, Hill Country Tech Guys are here to make sure you never have to face the penalties of a HIPAA violation. By letting them manage your technology, you get systems that streamline your workflow and keep you current with HIPAA regulations. Contact them today, before you’re found noncompliant!