HIPAA compliance just grew some teeth. Really, it all started when the Health Information Technology for Economic and Clinical Health (HITECH) Act was signed into law in 2009; however, the HITECH Act did not take effect until 2010. The purpose of HITECH was to encourage the adoption and meaningful use of technology as it pertains to health information. It was only reasonable that the United States Department of Health & Human Services (HHS) introduce law that would ensure the privacy of individual health information, considering that many facilities have made paper records a thing of the past. For those not handling the electronic transmission of health information properly, the HITECH Act paves the road for serious consequences: HITECH provides the provisions that strengthen the civil and criminal enforcement of the HIPAA rules.
Fines from $100 per violation up to a maximum of $1,500,000 per calendar year can be imposed under the HITECH Act. Monetary fines are based on tiers. Each tier is meant to punish violations according to an increasing level of culpability on the part of the offender; the penalty is decided based on the nature and extent of the violation and the nature and extent of the harm resulting from it. If you are one of the entities (i.e., health care physicians, health care services, businesses with health care plans, etc.) mandated to be in compliance with HIPAA, you could be liable for monetary penalties enforced by HHS along with criminal penalties enforced by the United States Department of Justice (DOJ).
Fines and the threat of going to jail are a couple of major reasons why a covered entity would want to stay HIPAA compliant; however, the reputation of your company should be reason enough. Improperly disposing of health records can land you on the front page of the news, which is the last thing a company or practice needs. High monetary fines are making those that are required to be HIPAA compliant think twice. The high fines levied on HIPAA violators reflect the importance of safeguarding protected health information. Faced with the looming threat of steep fines for failing to meet HIPAA data breach requirements, the health service industry is seeking ways to make sure it is HIPAA compliant.
There are a host of methods by which a facility or company can ensure compliance. These range from hiring an attorney to guide you through compliance, to attending seminars, to having a consultant visit your facility, to purchasing software or other compliance tools that guide you through the process. It would be a large project for anyone to dig into all of the HIPAA regulations and administrative compliance requirements, so finding help is definitely worth it. Just remember, whatever system is chosen, it is critical to make sure that any staff dealing with patients or clients are trained in a uniform, facility-specific HIPAA compliance procedure. While the process seems like a daunting task, it is important when you consider the repercussions from the DOJ or HHS, should they pay your company a visit.