By now, I think everyone has signed (or ticked the box, if your doctor uses a tablet) a HIPAA privacy form. Most of us know it has "something" to do with privacy, but we simply sign the form and then shuffle back to a seat to await our appointment.
For those of you who provide healthcare services, it's not as simple as that.
Everyone in the healthcare industry knows about HIPAA (the Health Insurance Portability and Accountability Act, passed in 1996). The goal of its Privacy and Security Rules is simple: to safeguard patient health information. The law dictates how protected health information (PHI) can be shared, when it can be shared, and with whom it can be shared, and it requires covered entities and their business associates to put administrative, physical, and technical safeguards around it.
As a patient, it’s heartening to hear our customers and potential customers in healthcare (down to small practices with two or three physicians) want to understand how technology (copiers, document management, and workflow especially) can help to more efficiently manage this protected information. That makes me feel like my doctor – and other providers – care about protecting my privacy.
On the other hand, while many companies express a desire to effectively manage HIPAA requirements, they’re worried they’re not always doing it perfectly. Hand in hand with that is a general misunderstanding of what can happen to a practice that is found to be non-compliant with HIPAA.
The following is a snapshot of information from the HIPAA Journal [1] and reinforces why healthcare providers CANNOT be flippant regarding HIPAA (and HITECH) compliance: the potential for costly civil fines and even criminal penalties can't be ignored.
HIPAA Violation Categories
The four categories used for the civil penalty structure are as follows (CE = covered entity; the same tiers apply to business associates):
- Category 1: A violation which the CE was unaware of and could not realistically have avoided, even had a reasonable amount of care been taken to abide by HIPAA Rules
- Category 2: A violation that the CE should have been aware of but could not have avoided even with a reasonable amount of care ("reasonable cause", falling short of willful neglect of HIPAA Rules)
- Category 3: A violation suffered as a direct result of "willful neglect" of HIPAA Rules, in cases where the violation was corrected within the required time period (30 days from when the CE knew, or should have known, of it)
- Category 4: A violation of HIPAA Rules constituting willful neglect, where no attempt has been made to correct the violation within that period
HIPAA Violation Penalties
- Category 1: Minimum fine of $100 per violation, up to $50,000 per violation
- Category 2: Minimum fine of $1,000 per violation, up to $50,000 per violation
- Category 3: Minimum fine of $10,000 per violation, up to $50,000 per violation
- Category 4: Minimum fine of $50,000 per violation
Two caveats matter in practice: "per violation" is counted per affected record or per day a requirement went unmet, so a single incident can multiply quickly, and each category also carries an annual cap of $1.5 million for repeated violations of the same provision. The dollar amounts are adjusted periodically for inflation, so the current figures are higher than those listed here.
HIPAA Violation Criminal Penalties
Criminal penalties, which are prosecuted by the Department of Justice rather than assessed by the HHS Office for Civil Rights, apply to individuals (including employees) as well as to organizations. The tiers for criminal HIPAA penalties are:
- Tier 1: Knowingly obtaining or disclosing PHI without authorization – fine of up to $50,000 and up to 1 year in prison
- Tier 2: Obtaining PHI under false pretenses – fine of up to $100,000 and up to 5 years in prison
- Tier 3: Obtaining PHI with intent to sell or use it for commercial advantage, personal gain, or malicious harm – fine of up to $250,000 and up to 10 years in prison
Datamax delivers a variety of Document Workflow and Document Management solutions and services to help organizations comply with the many regulatory requirements established by HIPAA and HITECH, especially given the Omnibus Final Rule of 2013 governing privacy and security, which extended direct liability to business associates and raised the penalty structure described above.
Our capabilities will allow you to faithfully:
- manage sensitive patient records through authentication, encryption, and other solutions addressing HIPAA-mandated requirements,
- monitor access, use, and distribution of documents to minimize exposure to costly and damaging data breaches, and
- safeguard PHI on MFP devices (multifunction printers) with hard drive encryption, scheduled deletion of stored job data, and hardened network settings.
Could your healthcare organization use additional assistance or better focus with tightening up workflow, information security, and regulatory compliance? We would love to visit!
[1] Source: More details on HIPAA violations can be found at http://www.hipaajournal.com/what-are-the-penalties-for-hipaa-violations-7096/