The Health Insurance Portability and Accountability Act of 1996 (HIPAA) imposes strict requirements designed to protect patient privacy, along with rules that help health care providers comply with national standards for electronic health care communications and transactions. Covered entities have repeatedly faced serious fines for failing to comply with HIPAA, especially where the failure exposed confidential patient information.
HIPAA Violations, Company Policy, and Training Requirements
A failure to properly train employees can itself result in HIPAA violations, as occurred with a major cardiac surgery agency. The investigation determined that the company had failed to adequately train its personnel in proper methods of maintaining patient confidentiality. It is therefore important to ensure that every staff member who may come into contact with patient information is fully aware of both company policy and federal privacy requirements, and that this training is documented, since the investigator will ask for the training records.
Violations from Accidental Data Loss
In many cases, HIPAA fines can be levied even though the incident was accidental. In one case, an employee left 192 paper records on the subway. The Massachusetts hospital was fined over $1 million and was also placed under long-term government oversight. The lesson is that physical records leaving the premises are an exposure in their own right, and policies should address whether records may be removed at all and how they must be secured in transit.
Higher Penalties for Willful HIPAA Violations
In another case, a health insurance company denied members access to their own medical records, a right that HIPAA guarantees. The company was initially fined over $1.3 million. However, because its conduct was found to be willful rather than accidental, the total fines exceeded $3 million. Willful neglect is the highest tier of culpability under the HIPAA penalty structure, so the same underlying conduct costs far more once it is shown to be a knowing or uncorrected failure.
This makes it plain that a company must ensure its policies comply with HIPAA standards and that identified problems are corrected promptly. Failure to do so will almost certainly result in increased fines and other sanctions for willful violations.
HIPAA and Disposing of Patient Records
In addition to the above fines, a major pharmacy chain was fined over $2.25 million for improperly disposing of confidential records in the trash. Any company handling confidential records must have comprehensive disposal policies that do not risk releasing patient information: shredding or pulping paper records, and wiping or physically destroying electronic media such as hard drives, backup tapes, and copier drives before they leave the organization's control. A disposal log that records what was destroyed, when, and by whom is the evidence an investigator will expect to see.
HIPAA and Encrypting Data
A very important step toward HIPAA compliance, especially in light of theft or loss of electronic media, is the decision to encrypt all patient records. In a HIPAA case involving the theft of electronic media, one factor in the decision to impose a $100,000 fine on the health provider was the fact that the patient data was unencrypted. The practical significance is that protected health information which was properly encrypted at the time of loss, with the key not compromised, is treated as unreadable and generally falls outside the breach notification requirements, while unencrypted data on a lost laptop or drive is a reportable breach. For that protection to hold, the encryption key must not be stored with the device (for example, a laptop whose disk encryption unlocks automatically with no user credential offers little protection once stolen), and the organization needs records showing that the specific device was encrypted when it went missing.
HIPAA compliance demands that employees and management alike understand the steps needed to protect patient confidentiality. Failing to do so can result in severe fines and other government sanctions.
Got a Question? Call Robert J Russell 972.292.8967