HIPAA Compliance and Your Practice: Part 3 of 3

Is your practice HIPAA compliant?

If you’re not quite sure how to answer that question, then it’s likely that your practice isn’t. Unfortunately, ignorance is no defense when it comes to HIPAA violations.

But don’t let that discourage you. It’s never too late to start tightening up your HIPAA compliance efforts. Here are a few things you may want to look into as you get started:

• Risk Assessment. Know where your organization stands when it comes to HIPAA compliance by conducting rigorous security audits and creating remediation plans based on what you find.

• HIPAA Training. Your entire workforce needs more than just a seminar on what HIPAA is. You need a program that educates your staff, tracks their progress, and keeps them updated on the latest news from the HHS.

• Incident Management. Avoid HIPAA violations and the hefty fines they come with by having a streamlined system on how to closely track and promptly report incidents.

• Audit Response. Stay calm and at peace during government audits by knowing which reports to prepare and what information to provide.

What happens if you break HIPAA rules? 

According to HIPAA Journal, the outcomes of breaking HIPAA rules and regulations will depend on the severity of the violation. It will also depend on factors such as the nature of the violation, knowledge of it being committed, response to correct it, malicious intent, and impact of the violation.

Here are potential outcomes if you are found to have violated HIPAA rules:

• Internal repercussions within the organization
• Termination of employment
• Sanctions from professional boards
• Civil penalties
• Criminal charges

Because the outcome depends on the severity of the violation, the Office for Civil Rights (OCR) may opt to resolve certain HIPAA violations using non-punitive measures. However, if violations are found to be more serious, penalties are imposed.

As stated in HIPAA Journal, the categories used to determine the penalties are as follows:

• Tier 1. A violation that the covered entity was unaware of and could not have realistically avoided had a reasonable amount of care had been taken to abide by HIPAA Rules. Minimum fine of $100 per violation up to $50,000.

• Tier 2. A violation that the covered entity should have been aware of but could not have avoided even with a reasonable amount of care (but falling short of willful neglect of HIPAA Rules). Minimum fine of $1,000 per violation up to $50,000.

• Tier 3. A violation suffered as a direct result of “willful neglect” of HIPAA Rules in cases where an attempt has been made to correct the violation. Minimum fine of $10,000 per violation up to $50,000.

• Tier 4. A violation of HIPAA Rules constituting willful neglect where no attempt has been made to correct the violation. Minimum fine of $50,000 per violation.

The worst-case scenario? You could face fines of up to $1.5 million per year and jail time of up to ten years.

These things may sound overwhelming...that’s because they really can be if you go through everything by yourself.

HIPAA compliance is a serious matter and the road to getting that HIPAA Seal of Compliance can be long and rough. But the good news is that you don’t have to go through it alone!

Your HIPAA Compliance Partner

As an established managed service provider for healthcare practices, ER Tech Pros is equipped with the IT, cloud, and compliance technology to make sure your clinic data is secure and your practice is compliant.

With our Compliance Management services, your practice is not only trained and up to date on the latest HIPAA news, you’re also equipped to avoid potential breaches, prepared to deal with incidents, and ready to respond to government audits.