Are You Unwittingly Violating HIPAA? Are You at Risk of Paying HIPAA Fines?

Rarely does a day go by without news of a data breach. For dental offices that must follow the HIPAA Regulations and keep their patients' Protected Health Information (PHI) secure, this is cause for concern.

As hackers and phishing artists proliferate, a lot is at stake. The bad guys want PHI because they can sell it. You want to protect PHI because you care about your patients and because it’s the law.

How Your Practice Can Be in Violation of HIPAA

No matter how careful you are with PHI, there are missteps that could leave you open to an investigation by the Office for Civil Rights (OCR), the agency that oversees compliance, or even by your state's attorney general, who has the authority to bring civil actions on behalf of state residents for violations of the HIPAA Privacy and Security Rules.

Common Types of HIPAA Violations

1. Mobile Devices

If you allow staff to use mobile phones or tablets, you must ensure that any patient data stored on them is encrypted (and the device protected by a passcode or other lock) or otherwise safeguarded. This keeps the data secure even if the device is lost or stolen: properly encrypted PHI on a lost device is generally not a reportable breach, while unencrypted PHI on the same device is.

2. Risk Assessment

HIPAA requires a documented, organization-wide risk assessment, repeated regularly and whenever your systems change, to identify vulnerabilities to the confidentiality, integrity, and availability of PHI. If you haven't done this, you leave yourself open to many risks, and a missing risk assessment is one of the first things OCR asks for in an investigation.

3. HIPAA-Compliant Business Associate Agreements

You must have signed Business Associate Agreements (BAAs) that appropriately safeguard PHI with every third party that creates, receives, maintains, or transmits PHI on your behalf, such as billing services, IT providers, and cloud vendors. Sharing PHI with such a party without a signed BAA is itself a violation of the law.

4. Unauthorized Access

If a staff member is curious about a patient and looks at that patient's PHI without a legitimate work reason, your practice is in violation. If you toss PHI records into the trash without shredding them, you're in violation. Safeguard your practice by implementing an authorization system that limits each role to the records and record sections it needs, keeping an audit trail of who accessed what, and training staff in how to handle PHI.
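The authorization system mentioned above, as an added example that is not code from the original page or from The Complete Cloud: each staff role is limited to the record sections it needs, the clinical chart additionally requires a treatment relationship with the patient, and every decision (allowed or denied) is written to an audit trail so that a curious employee's denied attempts show up in review. The staff names, patient IDs, roles, and access attempts are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample directory for a small dental practice (hypothetical names).
ROLES = {
    "dr_lee": "dentist",
    "hygienist_ann": "hygienist",
    "front_desk_bob": "front_desk",
    "it_sam": "it",
}

# Patients each clinician is actively treating. A treatment relationship, not
# curiosity, is what justifies opening a chart.
CARE_TEAM = {
    "P-1001": {"dr_lee", "hygienist_ann"},
    "P-1002": {"dr_lee"},
}

# Least privilege by role. Front desk staff need demographics and billing to
# schedule and invoice but never the clinical chart; IT keeps the system
# running without reading any PHI.
ROLE_SECTIONS = {
    "dentist": {"demographics", "clinical", "billing"},
    "hygienist": {"demographics", "clinical"},
    "front_desk": {"demographics", "billing"},
    "it": set(),
}

# Sections that additionally require the requester to be on the patient's care team.
RELATIONSHIP_REQUIRED = {"clinical"}


@dataclass(frozen=True)
class AuditEntry:
    when: str
    user: str
    patient: str
    section: str
    allowed: bool
    reason: str


AUDIT_LOG: list[AuditEntry] = []


def authorize(user: str, patient: str, section: str,
              log: list[AuditEntry] = AUDIT_LOG) -> bool:
    """Decide whether `user` may read `section` of `patient`'s record.

    Every decision, allowed or denied, is appended to the audit log so that
    unauthorized attempts are visible to whoever reviews access later.
    """
    role = ROLES.get(user)
    if role is None:
        allowed, reason = False, "unknown user"
    elif section not in ROLE_SECTIONS.get(role, set()):
        allowed, reason = False, f"section {section!r} not permitted for role {role!r}"
    elif section in RELATIONSHIP_REQUIRED and user not in CARE_TEAM.get(patient, set()):
        allowed, reason = False, "no treatment relationship with patient"
    else:
        allowed, reason = True, "role permits section; relationship verified"
    log.append(AuditEntry(datetime.now(timezone.utc).isoformat(),
                          user, patient, section, allowed, reason))
    return allowed


def denied_attempts_by_user(log: list[AuditEntry] = AUDIT_LOG) -> dict[str, int]:
    """Count denied accesses per user; repeat offenders are the first review target."""
    counts: dict[str, int] = {}
    for entry in log:
        if not entry.allowed:
            counts[entry.user] = counts.get(entry.user, 0) + 1
    return counts


if __name__ == "__main__":
    # Constructed sequence of access attempts, including a hygienist twice
    # peeking at the chart of a patient who is not hers.
    attempts = [
        ("dr_lee", "P-1001", "clinical"),
        ("front_desk_bob", "P-1002", "demographics"),
        ("front_desk_bob", "P-1002", "clinical"),
        ("hygienist_ann", "P-1002", "clinical"),
        ("hygienist_ann", "P-1002", "clinical"),
        ("it_sam", "P-1001", "demographics"),
    ]
    for user, patient, section in attempts:
        authorize(user, patient, section)
    for entry in AUDIT_LOG:
        print(f"{entry.when} {entry.user:>15} {entry.patient} {entry.section:<12} "
              f"{'ALLOW' if entry.allowed else 'DENY '} {entry.reason}")
    print("denied attempts per user:", denied_attempts_by_user())
```

Two design points matter here. The check happens before any record is read, and the denial is logged with its reason, so a review of the audit trail does not depend on the application remembering to log separately. And the relationship check is applied only to the clinical chart: front desk staff legitimately touch demographics and billing for every patient, so forcing a care-team rule on those sections would just push staff toward shared logins, which destroys the audit trail entirely.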

Alarming Facts About HIPAA Violations

More than 870,000 patient records were breached just in July 2018 and more than 562,700 in August 2018.

Since the HIPAA Privacy Rule took effect, the Office for Civil Rights, which enforces the law, has collected $78,829,182 in settlements and civil money penalties.

Aetna will need to pay nearly $17.2 million after patient privacy was violated and it dealt with outside counsel without a signed HIPAA Business Associate Agreement.

Joseph Beck, the first dentist fined for HIPAA violations, paid $12,000 for mishandling patient files. The fine was imposed by the Indiana Attorney General's Office.

So, What Can Happen?

You and your practice could be subject to civil penalties and, in some cases, criminal prosecution. Your practice's reputation could be badly damaged.

Make sure you know how to protect the PHI entrusted to you.

4 Tiers of HIPAA Civil Fines

There are four tiers of HIPAA civil fines, based on how much the practice knew and whether it corrected the problem. The dollar amounts below are the statutory figures; OCR adjusts them upward for inflation each year.

Tier 1

  • The practice did not know of the violation, and by exercising reasonable diligence would not have known.
  • Fine per violation of $100 to $50,000.
  • Maximum of $1.5 million per year for violations of the same provision.

Tier 2

  • Reasonable cause: the practice knew, or by exercising reasonable diligence would have known, of the violation, but it was not due to willful neglect.
  • Fine per violation of $1,000 to $50,000.
  • Maximum of $1.5 million per year for violations of the same provision.

Tier 3

  • Willful neglect of a HIPAA rule, but corrected within 30 days of discovery.
  • Not knowing the law, or what it requires of you, is not a defense. Reckless indifference to your obligations counts as willful neglect.
  • Fine per violation of $10,000 to $50,000.
  • Maximum of $1.5 million per year for violations of the same provision.

Tier 4

  • Willful neglect of a HIPAA rule and no correction within 30 days of discovery.
  • Fine per violation of at least $50,000.
  • Maximum of $1.5 million per year for violations of the same provision.

3 Tiers of Criminal HIPAA Violations

Criminal cases are brought by the Department of Justice rather than OCR. Even if you are not directly liable for a violation, you could be charged with aiding, abetting, or conspiring to violate the law. This can come with criminal fines and even prison.

  1. At the lowest level, knowingly obtaining or disclosing PHI in violation of HIPAA: a fine of up to $50,000 and/or up to one year in prison.
  2. If the offense is committed under false pretenses: a fine of up to $100,000 and/or up to five years in prison.
  3. If the offense is committed with intent to sell, transfer, or use PHI for commercial advantage, personal gain, or malicious harm: a fine of up to $250,000 and/or up to ten years in prison.

Keep PHI Safe in The Complete Cloud™

When you choose The Complete Cloud™, you're protecting yourself from HIPAA violations, and from the fines, penalties, hassles, and reputational damage that follow them.

Find out how we keep you and your PHI safe, and when you’re ready to take the next step, give us a call at 877-627-0787.
