Healthcare and HIPAA Compliance Review

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) was enacted by Congress in 1996. It requires the Department of Health and Human Services (DHHS) to adopt security standards for protecting patient information. The standards are meant to improve the efficiency and effectiveness of the health care system by encouraging the use of Electronic Data Interchange (EDI).

DHHS divided the standards into the following categories:

  • Administrative Safeguard - policies and procedures designed to clearly show how the entity will comply with the act
  • Physical Safeguard - controlling physical access to protect against inappropriate access to protected data
  • Technical Safeguard - controlling access to computer systems and enabling covered entities to protect communications containing patient health information transmitted electronically over open networks from being intercepted by anyone other than the intended recipient

Who is affected by HIPAA regulations?

HIPAA affects all health care organizations.

Are there penalties for violating HIPAA regulations?

Yes, there are penalties for non-compliant organizations. Here are a few examples of the penalties:

  • Civil Penalty of up to $100 per person per violation and up to $25,000 per person during the calendar year.
  • A person described in subsection (a) shall: (1) be fined not more than $50,000, imprisoned not more than 1 year, or both; (2) if the offense is committed under false pretenses, be fined not more than $100,000, imprisoned not more than 5 years, or both; and (3) if the offense is committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, be fined not more than $250,000, imprisoned not more than 10 years, or both.