Are You at Risk of Being Fined Under HIPAA?

With fines ranging from $100 to $50,000 per violation, it is important to monitor your HIPAA compliance frequently and keep your organization in check. There are three key reasons organizations are fined under HIPAA: the policies and procedures in place are either insufficient to protect data or are not being followed; the organization has not performed a meaningful Risk Assessment; or a Business Associate Agreement is not in place. When just one employee’s actions can result in a HIPAA violation, it is vital to reinforce and educate continuously.

HIPAA regulations require regular security risk assessments. Regardless of the legal requirement, performing this assessment allows you to uncover vulnerabilities that could lead to a breach. Identifying your weaknesses is the first step in minimizing your risk of being fined under HIPAA.

Training and educating your employees is one of the most important forms of breach prevention. The majority of HIPAA breaches are caused by a single employee accidentally violating confidentiality. Ensure all of your employees are trained in how to safely access and transfer data according to procedure, and regularly audit access permissions for all users on your network.

If your organization works with any associates that have access to confidential data without a Business Associate Agreement, you are liable for a breach. Having a Business Associate Agreement in place ensures you will not be held responsible for a mistake made by an associate. This is a simple and easy way to protect your organization.

Respond immediately to any suspected breach, and report a known breach as soon as you are aware of it. It is always better to be safe and report the breach than to end up wishing you had.

Here are some stats that might make your checkbook cringe:

As of July 31, 2016, the OCR had received over 137,770 HIPAA complaints and initiated over 885 compliance reviews.

| Entity | Settlement | Date | Key Allegations |
|---|---|---|---|
| Care New England Health System (CNE) | $400,000 + | September 23, 2016 | Business associate agreements not up to date |
| Advocate Health Care Network | $5,550,000 | August 4, 2016 | Policies and procedures lacking; insufficient risk assessment; lack of business associate agreements |
| University of Mississippi Medical Center | $2,750,000 | July 21, 2016 | Policies and procedures lacking |
| Oregon Health & Science University | $2,700,000 | July 18, 2016 | Policies and procedures lacking; insufficient risk assessment; lack of business associate agreements |
| Catholic Health Care Services of the Archdiocese of Philadelphia | $650,000 | June 29, 2016 | Policies and procedures lacking; insufficient risk assessment |
| New York Presbyterian Hospital | $2,200,000 | April 21, 2016 | Disclosure of two patients’ PHI to film crews and staff during the filming of a television series |
| Raleigh Orthopedic Clinic, P.A. | $750,000 | April 19, 2016 | Lack of business associate agreements |
| Feinstein Institute for Medical Research | $3,900,000 | March 17, 2016 | Policies and procedures lacking |
| North Memorial Health Care of Minnesota | $1,550,000 | March 16, 2016 | Policies and procedures lacking; insufficient risk assessment; lack of business associate agreements |

Don’t leave your organization vulnerable when complying with HIPAA can be simple with planning. Turn to Crossroads Technologies for help with all of your healthcare organization’s IT needs and compliance advisory.
