Think you can disregard or only be partially compliant with HIPAA?
The HIPAA Privacy and Security Rules are federal, national standards that protect the privacy of patients’ sensitive medical records. The Office for Civil Rights (OCR) strictly enforces these rules to protect all patients from discrimination and to keep their sensitive health information private. Any covered entity or business associate found not upholding these rules will be severely punished.
How Compliance Is Enforced
OCR enforces HIPAA’s Privacy and Security Rules in three ways:
- Investigating complaints that are filed with them.
- Performing compliance reviews to decide if organizations are HIPAA compliant.
- Conducting training and outreach to promote compliance with these rules’ requirements.
As of January of this year, OCR had received more than 109,000 HIPAA complaints and opened more than 1,100 compliance reviews since April 2003.
A secret doesn’t stay secret for long. So if you think you can fly under OCR’s radar, change your thinking. Your non-compliance will eventually come out, and you will face the unwanted ramifications of being non-compliant — and your punishment will be harsher if you have willfully neglected HIPAA compliance.
Consequences of Non-Compliance
The ramifications you could face include civil and criminal penalties. The minimum monetary fine is $100 per violation, with an annual maximum of $25,000 for repeat violations, while the maximum monetary fine is $50,000 per violation, with an annual maximum of $1.5 million. Criminal penalties involve paying a monetary fine and being imprisoned for between 1 and 10 years. Other ramifications include losing the respect of your industry peers, losing the trust and business of your paying clients, and experiencing security breaches, which are a headache you don’t want to deal with.
How To Stay HIPAA Compliant
You may think it’s a time-consuming pain to become HIPAA compliant, but it’s more so when you aren’t compliant. So what can you do to become and remain HIPAA compliant?
- Hire HIPAA Privacy and Security Officers.
- Perform a formal HIPAA Security Risk Analysis on a regular basis to ensure requirements are being met internally.
- Implement security breach policies and plans to handle breaches.
- Limit which of your employees have access to PHI.
- Take the necessary precautions with paper files, computers and mobile devices that store and transmit data so they aren’t accessed by the wrong eyes.
- Educate your staff on the HIPAA Security and Privacy regulations.
While flying under OCR’s radar is an option, it’s not a smart option. Don’t risk your business and personal reputation by being non-compliant. Being HIPAA compliant is mandatory, and following the above steps is how you can easily become and remain compliant.