Why HIPAA Risks are Growing Every Day

If you’re a healthcare employee, you already know a lot about the HIPAA Rules. You’ve probably received training on how to protect health information, and have heard about all the fines being levied against everything from small hospices to the largest hospitals (like Massachusetts General Hospital).

Because HIPAA is a federal law, there are expensive penalties involved in HIPAA mistakes (breaches). Fines have ranged from $50,000 to millions of dollars. Here are just a few of the recent fines.

Shasta Regional Medical Center    $275,000      June 2013
Hospice of Northern Idaho         $50,000       January 2013
BCBS Tennessee                    $1,500,000    March 2013
State of Alaska                   $1,700,000    June 2012
Phoenix Cardiac Surgery           $100,000      April 2012
Mass General Hospital             $1,000,000    February 2011

There have been dozens of other fines, many in the millions of dollars, and, with the passage of the new HIPAA Omnibus Rule, which takes effect on September 24, 2013, there will be many more.

If you are a healthcare organization, you need to address the risk of a potential HIPAA fine. And the fine is not the worst part, because the “resolution agreement” you sign forces your organization to file all sorts of quarterly reports and meet with regulators for years to come, and those ongoing activities are even more expensive than the fine!

The Office for Civil Rights (part of the U.S. Dept. of Health and Human Services) is self-funded from these fines, and it uses the money from the fines to start even MORE enforcement activities.

The basics you need to have in place to reduce the risk of a HIPAA fine include, just to name a few: 1) having a Risk Analysis done in the past 12 months, 2) having HIPAA training conducted annually for EVERY employee, 3) updating all your Business Associate agreements, and 4) developing a robust security awareness program.

HIPAA compliance-related fines are a risk that should be considered by every healthcare organization, no matter how big or how small, because your bottom line AND your reputation may depend on it!


About Caroline Ramsey-Hamilton

Caroline Ramsey-Hamilton is a leading expert in assessing security risk in both information security and facilities security, including security risk assessments, active shooter and security risk assessments for hospitals and healthcare organizations, cybersecurity, nuclear security, and also auditing, analyzing and measuring compliance with all major security standards, like DHS, FEMA 426-428, The Joint Commission, HIPAA Security & Privacy Rules, the HIPAA Omnibus Rule, OSHA 3148 for Preventing Workplace Violence, and both C-TPAT and CFATS. She is currently working on a universal set of easy security tools that will make it easy to assess risk in a variety of companies, agencies and businesses. Her company, Risk & Security LLC, works with more than 500 clients around the world using a program that standardizes site surveys and assessments and makes it easier to compare facilities and measure their level of security. She posts breaking security & risk alerts at www.twitter.com/riskalert. She's also an animal lover, tree hugger, and musician who loves dogs, horses, kitties, house rabbits, parrots, and especially beagles! I support www.brewbeagles.org and other animal rescue organizations and work toward a more peaceful and green world.
