The Health Insurance portability and Accountability Act (HIPAA) of 1996 forever changed the way healthcare operates. HIPAA provides standards for consistency throughout the industry, as well as sets the guidelines for the protection of individually identifiable health information and the electronic exchange of that information.
After twenty plus years since the laws were passed, some offices are passive in their HIPAA compliance. This can be a costly error. Fines for HIPAA violations have escalated for both large and small healthcare organizations. Over the past several years, HIPAA violations have cost insurance carriers, healthcare systems, individual hospitals, private practices and a host of other healthcare related businesses fines totaling millions of dollars. A small sample of some of the breaches and associated fines include:
· A lost, unencrypted flash drive containing PHI cost a 12-physician group $150,000.
· Clinical and surgical appointments posted on a publicly accessible internet-based calendar, as well as not adopting basic HIPAA policies, cost a five-physician group $100,000.
· An orthopedic clinic failed to execute a business associate agreement (BAA) prior to turning over 17,300 patients’ PHI to a potential business partner, which cost the practice $750,000.
· Stolen laptops containing the PHI of four million individuals cost one entity $5.5 million.
· Improper computer settings on a server which allowed PHI to be viewed online was associated with a $2.14 million fine.
The Office of Civil Rights, which administers HIPAA regulations, has stepped up their efforts to audit covered entities and responds quickly to reports of data breaches. Practices should be reviewing their HIPAA Security and Privacy Manuals, as well as all associated policies and procedures. In addition, your staff should be receiving annual training regarding these policies to safeguard against any breaches.
Ensure your office’s HIPAA compliance. Visit our website for information or contact our staff to receive more information on our expansive HIPAA Consulting Services www.RRHealthstrategies.com.