Stiff Penalties With HIPAA & HITECH Act Non-Compliance

Brad Baker
September 28, 2012

HIPAA compliance just got tough. Really, it all started when the Health Information Technology for Economic and Clinical Health (HITECH) Act was signed into law in 2009; however, the HITECH Act did not take effect until 2010. HITECH was meant to promote the adoption and meaningful use of health information technology. Since we are in the electronic age, it is only appropriate that the United States Department of Health & Human Services introduce a law that would ensure the privacy of individual health information. For those not handling the electronic transmission of health information properly, the HITECH Act paves the road for serious consequences: it contains the provision that strengthens the civil and criminal enforcement of the HIPAA rules.

Fines from one hundred dollars per violation to a maximum of one and a half million dollars per calendar year can be imposed under the HITECH Act. Monetary fines are based on tiers. Each tier is meant to punish violations based on an increasing level of culpability by the offender; the penalty is decided based on the nature and extent of the violation and the nature and extent of the harm resulting from it. If you are one of the covered entities required to be HIPAA compliant, you could be subject to civil money penalties, enforced by the Department of Health and Human Services, and/or criminal penalties, enforced by the U.S. Department of Justice.


In addition to the possibility of monetary fines and imprisonment, you might consider how important your company's reputation is; that in itself should be incentive enough to stay HIPAA compliant. Being the cause of identity theft or exposing patients' records to the public is the last thing a practice or company wants to be known for. The high monetary fines can make a covered entity a bit uneasy. The importance of keeping protected health information safe is reflected in the high fines being imposed on those that are in violation of HIPAA. The health industry is looking for ways to ensure HIPAA compliance due to the real threat of high fines resulting from a breach of HIPAA requirements.

A facility can ensure compliance in numerous ways. These methods range from hiring an attorney to guide you through compliance, to attending seminars, having a consultant visit your facility, or purchasing software or other such compliance tools to guide you through the process. It would be a huge undertaking for anyone to dig into all the HIPAA regulations and administrative compliance requirements. Finding help is definitely worth it. The goal is to make sure all staff are trained in the same fashion, on a facility-specific HIPAA compliance program. While the process seems like a daunting task, it is important when you consider the repercussions from the D.O.J. or H.H.S., should they pay your company a visit.
