HIPAA Compliance for Medical Practices
65.0K views | +1 today
Follow
HIPAA Compliance for Medical Practices
HIPAA Compliance and HIPAA Risk management Articles, Tips and Updates for Medical Practices and Physicians
Your new post is loading...
Your new post is loading...
Scoop.it!

HIPAA Enforcement Trends for 2017

HIPAA Enforcement Trends for 2017 | HIPAA Compliance for Medical Practices | Scoop.it

Since the start of 2017 alone, HIPAA enforcement trends have indicated that this could be the most costly year for fines in history.

HIPAA, as a regulation, is managed by the Department of Health and Human Services (HHS). HHS designs and enacts policy and guidance about emerging trends in health care IT, patient privacy, and data security. The Office for Civil Rights (OCR) is the HHS body responsible for HIPAA enforcement and investigation.

HIPAA Fines by Year

OCR has been cracking down on HIPAA enforcement significantly in the past few years.

Compare these HIPAA fine totals by year:

  • 2015: $6,193,000
  • 2016: $23,504,800
  • 2017: $17,093,200

So far, in the first six months of 2017 alone, fines have increased by almost 300% over 2015’s fine total. And if the trend continues, 2017 is very likely to outpace 2016’s record-breaking $23 million as well.

Why the Increase in HIPAA Enforcement?

When OCR begins a HIPAA investigation for a violation or breach, it can take 3-4 years to reach settlement with the organization under investigation.

Four years ago in 2013, HHS released its Omnibus Rule. The Omnibus Rule made it mandatory for HIPAA business associates to be compliant with HIPAA regulation. For background: a covered entity is a health care provider, and a business associate is a vendor hired by that provider.

In the past year, many of the multi-million dollar fines levied by OCR have been the direct result of BA non-compliance. If a covered entity shares health care information with a BA without first executing a business associate agreement, the sharing of that data is considered a violation of HIPAA and is subject to significant fines. In cases where OCR detects “willful neglect” of HIPAA regulation, fines can reach up to $50,000 per incident.

With HIPAA enforcement trending toward stricter and more severe financial penalties for improper relationships with BAs, it’s no wonder why fines have been steadily increasing year after year. Now that some of the major OCR investigations involving BA non-compliance have started reaching settlement, behavioral health providers need to ensure that their relationships with their vendors are lawful under the HIPAA Omnibus Rule.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.
Scoop.it!

OCR Releases New HIPAA Breach Reporting Tool for “Wall of Shame”

OCR Releases New HIPAA Breach Reporting Tool for “Wall of Shame” | HIPAA Compliance for Medical Practices | Scoop.it

Earlier this week, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released a redesigned HIPAA Breach Reporting Tool on their site.

The HIPAA Breach Reporting Tool is commonly called the “Wall of Shame” because it lists all organizations that have had health care data breaches affecting more than 500 individuals that have occurred since enforcement began. The Wall of Shame is a searchable, permanent database of HIPAA violations maintained by OCR.

The new Breach Reporting Tool allows you to search the full archive of breaches, and gives access to an “Under Investigation” tab. The tool has been redesigned to make it easier than ever before to look through OCR’s investigation history. This makes the consequences of a data breach or HIPAA violation a permanent reputational issue for your organization–especially now that prospective patients are doing more and more research into behavioral health specialists they’re looking to work with.

Protecting your practice with a HIPAA compliance program is an essential way to keep your name off the Wall of Shame. Below, we take a look at exactly what the regulation requires so you know what to look for in a HIPAA compliance program for your practice.

The HIPAA Breach Notification Rule

HIPAA breach reporting and breach notification are essential parts of any organization’s HIPAA compliance. HIPAA breach reporting is regulated by the HIPAA Breach Notification Rule, which was first enacted in 2009 along with the HITECH Act.

The HIPAA Breach Notification Rule categorizes data breaches into two categories with specific requirements for follow-through on each. The two kinds of breaches that the Breach Notification Rule identifies are:

  • Minor Breach: any breach of protected health information that affects fewer than 500 individuals. Individuals must be notified of the breach within 60 days of discovery of the breach. ALL minor breaches that have occurred over the course of the year must be reported to OCR NO LATER than 60 days after the end of the calendar year. This date usually falls on March 1st or February 29th.
  • Meaningful Breach: any breach of protected health information that affects more than 500 individuals. Individuals must be notified within 30 days of the discovery of the breach, and local media must also be notified of the breach. Meaningful breaches must be reported to OCR immediately, within 60 days of the discovery of the breach itself.

Trends in HIPAA Enforcement

In January of 2017, OCR levied its first fine for a violation of the HIPAA Breach Notification Rule in the history of HIPAA enforcement.

The fine was levied against Presence Health, one of the largest health care networks in Illinois. The organization was fined $475,000 after more than 500 individuals were implicated in a meaningful breach. Over the course of its investigation, OCR found that Presence failed to notify the individuals within the 60 days mandated by the Breach Notification Rule.

This is just one example of the recent trend in unconventional HIPAA enforcement efforts that have been targeting health care professionals of all kind across the country.

The best way to mitigate your risk of being targeted by these breaches is to adopt a total HIPAA compliance program in your organization that addresses the full extent of the law. Don’t get caught unprepared!

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.