HIPAA Violations Will Soon Be More Expensive

The U.S. Department of Health and Human Services (HHS) intends to use higher fines and a new round of audits to send a strong message to the healthcare industry about complying with the Health Insurance Portability and Accountability Act (HIPAA).

Jerome B. Meites, a chief regional civil rights counsel at HHS, expects "the past 12 months of enforcement to pale in comparison to the next 12 months." His recent comments signal more aggressive punishment for privacy breaches and security lapses, and a more extensive HIPAA audit strategy by HHS’ Office of Civil Rights (OCR).

Meites noted the enormous number of complaints to OCR about lost or stolen unencrypted devices or media. Despite OCR’s continuous warnings to covered entities and their business associates about their obligation to ensure the security of information on these devices, many have yet to perform a comprehensive risk assessment and remain unaware of the potential dangers. Meites emphasized the government's concern about these issues, stating that both portable-media devices and an entity's failure to perform a comprehensive risk assessment were factors in many data-breach cases that resulted in significant financial settlements.

Risk-assessment procedures are expected to be a primary focus when OCR continues its HIPAA compliance audit program later this year. OCR has identified approximately 1,200 companies — about 800 covered entities (healthcare providers, insurers and clearinghouses) and 400 business associates — for potential HIPAA audits.

Enhanced enforcement efforts and the new round of audits highlight the importance of complying with the strict standards imposed by HIPAA and the Health Information Technology for Economic and Clinical Health (HITECH) Act for the protection and privacy of certain health information.

Entities can help avoid increased regulatory scrutiny and potential costly violations by ensuring they have both a strong HIPAA training program and a well-informed workforce.

[View source.]

Topics:  Enforcement, Enforcement Actions, Healthcare, HHS, HIPAA, OCR

Published In: Health Updates, Privacy Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© WeComply, a Thomson Reuters business | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »