My seminar swings around the country demonstrate that many smaller covered entities are woefully deficient in HIPAA compliance, perhaps because, until the past couple of years, DHHS was not aggressively enforcing HIPAA. Such is no longer the case, and any covered entity that is not HIPAA compliant faces tremendous liability.
But many of my seminar attendees express concern that they cannot get management to support their efforts to get their organization HIPAA compliant. So I have written a management white paper for them to take to management to show management why they need to take HIPAA seriously and devote some resources to it.
The white paper discusses the HITECH Act’s increased scope of criminal liability for HIPAA violations, the 17 convictions to date, and the Department of Justice Memorandum indicating that management may be criminally liable for the acts of their workforce if management does not have their organization HIPAA compliant and that lack of compliance encourages the perpetrator to commit the crime or fails to prevent a preventable crime.
Then the paper covers the increased civil penalties in the HITECH Act, including raising the maximum fine per violation from $100 to as much as $50,000. And that’s per violation, and DHHS is taking the position that, if you lose a laptop with 1,000 patient charts on it that is not encrypted, that’s not one violation—loss of a device containing protected health information (“PHI”)—it’s 1,000 violations. The paper discusses the $4.3 million fine that Cignet Health had to pay for Privacy Rule violations, the $2.25 million that CVS Pharmacy had to pay for improper disposal of PHI, and the $1 million subway ride, in which an element of Massachusetts General Hospital was fined because an employee left paper records, secured only by rubber bands, on the subway. The white paper also discusses the HITECH Act’s new federal lawsuit for HIPAA violations and the requirement to report breaches of unsecured (readable) PHI to DHHS and to the individuals who are subjects of the breach.
Finally, the white paper covers the increased audits of covered entities by the Office of the Inspector General (“OIG”) of DHHS—audits that can result in fines and even criminal prosecution.
Yes, covered entities have too many compliance burdens, such as OSHA, preventing Medicare fraud, and the like. But although, in the past, management perhaps could have put HIPAA compliance efforts on the back burner because DHHS was not aggressively enforcing HIPAA, such is no longer the case. Now is the time to get all of the help that you need to become HIPAA compliant as quickly and effectively as possible and, hopefully, the white paper can help you convince management of the need to do so.
The complete white paper is available in the Premium Member section of this website. If you are interested in obtaining access to the Premium Membership section, email Sherry at sherry@veteranspress.com or call her toll-free at 855-341-8783, ext. 303, for details on a reduced price available to our preferred customers.