The High Cost of HIPAA Violations

As a part of the "American Recovery and Reinvestment Act of 2009", a civil penalty structure was put in place for Health Insurance Portability and Accountability Act (HIPAA) violations. HIPAA was designed to provide federal protection for personal health information held by covered entities (any entity that transmits health information) and rights with respect to that information. Penalties for covered entities and even individuals can be surprisingly high.

NOTABLE SETTLEMENTS & PENALTIES

Cignet Health, $4.3 million: February 2011 - Cignet Health was fined $4.3 million for failing to provide 41 patients copies of their medical records upon request and subsequently failing to cooperate with an investigation.

CVS Caremark Co., $2.25 million: February 2009 - CVS was fined $2.25 million for failing to implement adequate policies, procedures and training to safeguard patient information when disposing of information such as pill bottle labels.

Blue Cross Blue Shield of Tennessee, $1.5 million: March 2012 - BCBST agreed to pay $1.5 million to settle potential violations after a report that 57 unencrypted computer hard drives containing protected health information of more than 1 million individuals had been stolen.

Mass General Hospital, $1 million: February 2011 - Massachusetts General Physicians Organization, Inc. (Mass General) reached a $1 million settlement agreement for the loss of patient information on a subway.

Phoenix Cardiac Surgery, $100,000: April 2012 - Phoenix Cardiac Surgery, a five-physician practice, agreed to pay $100,000 over violations of HIPAA Privacy and Security rules.

CIVIL HIPAA PENALTIES

Individual did not know (and would not have known):
Minimum penalty: $100 per violation; $25,000 annual for repeat violations
Maximum penalty: $50,000 per violation; $1.5 million annual for repeat violations

Due to reasonable cause and not due to willful neglect:
Minimum penalty: $1,000 per violation; $100,000 annual for repeat violations
Maximum penalty: $50,000 per violation; $1.5 million annual for repeat violations

Due to willful neglect but is corrected within the required time period:
Minimum penalty: $10,000 per violation; $250,000 annual for repeat violations
Maximum penalty: $50,000 per violation; $1.5 million annual for repeat violations

Due to willful neglect and is not corrected:
Minimum penalty: $50,000 per violation; $1.5 million annual for repeat violations
Maximum penalty: $50,000 per violation; $1.5 million annual for repeat violations

CRIMINAL HIPAA PENALTIES

Knowingly obtaining or disclosing identifiable patient information: one year imprisonment, $50,000 fine
Gaining patient information under false pretenses: one year imprisonment, $100,000 fine
Obtaining patient information for personal/commercial gain or with malicious intent: ten years imprisonment, $250,000 fine

A Miami hospital employee stole patient information, then sold it as a part of an identity theft conspiracy. He was sentenced to two years in prison.

The UCLA Health System reached a $865,000 settlement for improperly accessing patient data, including that of its employees and a number of celebrities. The employee responsible was sentenced to four months in prison and a $2,000 fine even though there was no evidence that he did anything with the data other than access it.

A doctor and two hospital employees pled guilty to misdemeanors for accessing the records of slain Arkansas TV reporter Anne Pressly and leaking the details to the media. A federal judge fined them and sentenced them to one year probation. The hospital suspended the doctor's privileges for two weeks and fired the two employees.

HOW MANY ORGANIZATIONS ARE BEING INVESTIGATED?

2011: Resolutions 8,370; Investigations 3,898; Corrected 2,595; No violation 1,303; Resolved 4,472
2010: Resolutions 9,158; Investigations 4,929; Corrected 2,703; No violation 1,526; Resolved 4,929

Resolution agreements are contracts signed by HHS and covered entities where the covered entity agrees to perform certain obligations and make reports to HHS. Resolutions typically last for three years.

Infographic by Tasty Placement

shared by tastyplacement on Jul 16
The Health Insurance Portability and Accountability Act (HIPAA) introduced stiff penalties for individuals or entities that violate the rights or privacy of an individual's personal health information...
