HIPAA, the Health Insurance Portability and Accountability Act of 1996, governs the
protection, use and disclosure of individuals' protected health information (PHI).
HIPAA is enforced by the Office for Civil Rights (OCR) within the
Department of Health and Human Services (HHS).
Colada Systems can assist you in locking down your data on various server platforms
and in reviewing your current business processes to ensure that you handle
health information in a safe and practical manner.
Standards-Based Enforcement
As of September 30, 2007, HHS/OCR had investigated and resolved over 5,149 cases
by requiring changes in privacy practices. In another 2,519 cases the investigation
found that no violation had occurred. In the remaining completed cases (16,428),
HHS determined that the complaint was not eligible for enforcement.
The types of entities most often required to take corrective action, in order of frequency, are:
Private Practices
General Hospitals
Outpatient Facilities
Health Plans (insurers)
Pharmacies
References
1. US Department of Health and Human Services, Privacy - Compliance and Enforcement website.
Penalties for Failure to Comply
HIPAA provides for both civil and criminal penalties, including fines and possible
imprisonment. The Office for Civil Rights of the Department of Health and Human
Services enforces civil violations, and the Department of Justice prosecutes
criminal violations of the HIPAA standards.
Civil penalties are monetary fines. Under the original statute, HIPAA allows fines of
up to $100 for each violation, to a limit of $25,000 per calendar year for
violations of the same requirement.
Criminal sanctions for the knowing misuse or disclosure of PHI are tiered by intent:
fines of up to $50,000 and up to one year of imprisonment for a knowing violation,
up to $100,000 and up to five years if the offense is committed under false pretenses,
and up to $250,000 and up to ten years if the offense is committed with intent to sell
the information or for commercial advantage, personal gain or malicious harm.