HIPAA Violations Will Soon Be More Expensive


The U.S. Department of Health and Human Services (HHS) intends to use higher fines and a new round of audits to send a strong message to the healthcare industry about complying with the Health Insurance Portability and Accountability Act (HIPAA).

Jerome B. Meites, a chief regional civil rights counsel at HHS, expects "the past 12 months of enforcement to pale in comparison to the next 12 months." His recent comments signal more aggressive punishment for privacy breaches and security lapses, and a more extensive HIPAA audit strategy by HHS’ Office of Civil Rights (OCR).

Meites noted the enormous number of complaints to OCR about lost or stolen unencrypted devices or media. Despite OCR’s continuous warnings to covered entities and their business associates about their obligation to ensure the security of information on these devices, many have yet to perform a comprehensive risk assessment and remain unaware of the potential dangers. Meites emphasized the government's concern about these issues, stating that both portable-media devices and an entity's failure to perform a comprehensive risk assessment were factors in many data-breach cases that resulted in significant financial settlements.

Risk-assessment procedures are expected to be a primary focus when OCR continues its HIPAA compliance audit program later this year. OCR has identified approximately 1,200 companies — about 800 covered entities (healthcare providers, insurers and clearinghouses) and 400 business associates — for potential HIPAA audits.

Enhanced enforcement efforts and the new round of audits highlight the importance of complying with the strict standards imposed by HIPAA and the Health Information Technology for Economic and Clinical Health (HITECH) Act for the protection and privacy of certain health information.

Entities can help avoid increased regulatory scrutiny and potential costly violations by ensuring they have both a strong HIPAA training program and a well-informed workforce.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Thomson Reuters Compliance Learning | Attorney Advertising

Written by: Thomson Reuters Compliance Learning
