HIPAA compliance has assumed greater importance since the passage of the HITECH Act of 2009 and the regulations implementing the HIPAA provisions of that Act.
The original HIPAA regulations laid the foundation for a national set of requirements to safeguard the:
- Confidentiality
- Integrity and
- Availability of individually identifiable health information.
Expansion of HIPAA regulations
In the years since the first HIPAA regulations were issued in 2000, the rules have been modified and expanded, notably to cover ePHI (protected health information that is maintained or transmitted electronically) and, more recently, to require that patients be notified when an unauthorized disclosure or breach of security occurs.
Healthcare organizations and medical practices seeking to come into compliance with HIPAA regulations now face a lengthy list of requirements. Just a few of these include:
- Informing patients about privacy practices
- Securing patient medical records – both paper and electronic
- Conducting a risk assessment of the confidentiality, integrity and availability of ePHI held by the organization
- Updating Business Associate Agreements with vendors and others to whom PHI is disclosed
- Developing breach response policies, including notification of affected patients and, where required, the media
Penalties for HIPAA violations
HIPAA covered entities (and, since HITECH, their business associates) may be subject to steep penalties for violating these regulations. Civil penalties for general violations range from:
- A minimum of $10,000 for each violation
- A maximum of $25,000 for each violation
- Knowingly obtaining or wrongfully disclosing individually identifiable health information is also a criminal offense, carrying a fine of up to $50,000 and imprisonment of up to one year.
Our HIPAA Consultants specialize in healthcare
Members of The Fox Group have provided services as healthcare compliance consultants since before the first HIPAA regulations were issued over a decade ago. The Fox Group is uniquely qualified to assist medical practices and other healthcare organizations in their quest to comply with these very specific regulations. A sampling of our services includes:
- Completing a HIPAA risk assessment covering both the Privacy Rule and the Security Rule
- Developing and implementing HIPAA compliance program policies and procedures
- Training staff on their role under HIPAA and on adherence to HIPAA law and related employer policies and procedures