HIPAA Compliance in healthcare has assumed greater importance since the passage of the HITECH Act of 2009, and the regulations implementing the HIPAA provisions of the Act. Consequently, healthcare entities have needed to get serious integrating these regulations into their operations for some time now.
Expansion of HIPAA regulations
The original HIPAA regulations were issued in 2000 and laid the foundation for a national set of requirements to safeguard the:
- Integrity and
- Availability of individually identifiable health information.
Over the years, these HIPAA regulations have been modified and expanded, most recently to cover ePHI (protected health information maintained and transmitted electronically), and to specify requirements for notifying patients in the event of an unauthorized disclosure or breach of security.
Healthcare organizations and medical practices concerned with HIPAA Compliance now face a lengthy list of requirements. Just a few of these include:
- Informing patients about privacy practices
- Securing patient medical records - both paper and electronic
- Conducting a risk assessment of the confidentiality, integrity and availability of ePHI held by the organization
- Updating Business Associate Agreements with vendors and others to whom PHI is disclosed
- Developing policies for breaches and notification to patients and the media
HIPAA Compliance ... and Penalties for violations
HIPAA covered entities may be subject to steep penalties for violating these regulations. For general penalties they range from ...
- A minimum of $10,000 for each violation
- A maximum of $25,000 for each violation
- Wrongful disclosure of ePHI can include a maximum fine of $50,000 and imprisonment of no more than one year.
HIPAA Compliance Consultants
Members of The Fox Group have provided services as healthcare compliance consultants since before the first HIPAA regulations were issued well over a decade ago. The Fox Group is uniquely qualified to assist medical practices and other healthcare organizations in their quest to meet these very specific regulations and to achieve HIPAA compliance.
A sampling of our services include:
- Completing a HIPAA risk assessment covering both the privacy rule and security rule.
- Development and implementation of HIPAA compliance program policies and procedures.
- Provide staff training on their role in HIPAA and adherence to HIPAA law and related employer policies and procedures.