The Health Insurance Portability and Accountability Act (“HIPAA”) is a federal law requiring all covered entities to protect the privacy and security of their patients’ protected health information (“PHI”) and electronic PHI (“ePHI”). It also requires covered entities to be prepared to take specific steps should a breach of PHI occur. The term “covered entities” includes health care providers, health plans and health care clearinghouses. To ensure that PHI is protected as required by HIPAA, every covered entity must create and maintain a HIPAA compliance program.
The basic elements of the HIPAA compliance program were introduced in our last eNote. These are:
- HIPAA training;
- Security and privacy risk assessments;
- Policies and procedures (and other supporting documentation); and
- Program implementation, maintenance and refresh.
In this eNote we discuss HIPAA enforcement actions and their consequences, and how those enforcement actions provide guidance on how medical practices should approach their HIPAA compliance program.
HIPAA Enforcement Basics
HIPAA is primarily enforced by the Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”). State attorneys general (AGs) may also bring civil actions under HIPAA when violations affect residents of their states.
OCR Enforcement Actions and Monetary Penalties Continue to Increase
Failure to comply with HIPAA has severe financial consequences. HHS has the authority to impose civil monetary penalties for non-compliance that range from $100 to $50,000 per violation, capped at $1.5 million for identical violations in a calendar year. In 2018 alone, OCR levied over $28 million in fines.
What Medical Guardian Can Do to Help
To help practices comply with the law, our experts created Medical Guardian, an integrated portal for creating and maintaining a HIPAA compliance program tailored to your practice. Drawing on years of involvement in HIPAA compliance, the solution is organized around the key provisions called out in the HIPAA regulations.
Medical Guardian’s core features include:
- Security and privacy training for the entire staff
- Security and privacy risk assessments
- Next steps for remediation
- Policies and procedures and supporting documentation
- Tools and devices to continuously monitor and control access to PHI and to alert on suspicious activity
- Maintaining and refreshing your HIPAA compliance program
Summary
HIPAA enforcement actions are increasingly brought against health care providers of all types and sizes. In fact, smaller practices are arguably at greater risk. Putting your “head in the sand” or claiming ignorance of the law is NOT a good defense.
Medical Guardian provides a pragmatic, common-sense approach to becoming compliant with the HIPAA regulations. By following the necessary steps, logically organized by the experts at Medical Guardian, you can keep your practice in compliance and be prepared should OCR come knocking on your door.
Are you looking for a HIPAA Compliance Program for your practice? Look no further – MicroMD can help. Visit us here or call us today to schedule a free consultation with a cyber security expert at 800-624-8832.