The Health Insurance Portability and Accountability Act (HIPAA) was designed by the federal government in 1996 in order to enhance the security and confidentiality of health care treatment information. Since its inception, HIPAA has had a vast effect on how sensitive patient data is handled within the healthcare industry. The importance of being HIPAA compliant can't be overemphasized, because failure to adhere to the regulations may result in hefty fines or prison terms.
Who has to be compliant?
Under HIPAA, covered entities and business associates are mandated to ensure the privacy of protected health information (PHI). Covered entities include healthcare providers such as hospitals and physician practices, in addition to health plans and health plan clearing houses. Business associates are companies that perform services for a covered entity and thus have to receive, maintain, or transmit PHI.
HIPAA Compliance
HIPAA contains comprehensive requirements for businesses that hold PHI. They are required to give special attention to safeguarding the physical security of the data, and access to PHI needs to be limited to key personnel. Administrators should be aware of potential threats, and regular security updates are needed to identify possible dangers arising from phishing scams and data hacking.
Covered entities should put a well-balanced compliance program in place and make sure that the relevant personnel are aware of HIPAA requirements. They should also evaluate their security controls periodically and make certain that PHI is encrypted. Data that is encrypted can't be accessed if it is lost or stolen.
Being HIPAA compliant is essential, since it ensures that a covered entity is prepared in the event of a HIPAA audit or investigation.
HIPAA audits
HIPAA comes with an audit program that randomly selects covered entities for an audit. Audits are carried out by the Office of Civil Rights (OCR) of the Department of Health and Human Services (HHS). OCR is responsible for enforcing HIPAA's security and privacy regulations.
The purpose of the audit is to assess compliance with HIPAA's privacy and security rules, along with the Breach notification rule. The Breach notification rule stipulates that if there is a security breach involving PHI, the covered entity or business associate must advise the affected person about the incident. The Department of Health and Human Services and OCR are also to be informed.
The HIPAA audit looks at the processes and operations of the covered entity. It pays to be HIPAA compliant, because any violations or breaches unearthed during an audit may warrant an investigation. If the audit reveals reasonable cause to suggest that the provisions of HIPAA have been violated, OCR might open an investigation.
HIPAA investigations
An investigation may be carried out on the basis of the adverse findings of a random audit, or in response to a complaint filed against a covered entity. Complaints are filed with OCR. The law requires that covered entities co-operate with the investigation.
HIPAA investigations might be best handled by medical attorneys who are fully conversant with HIPAA regulations. However, firms that are HIPAA compliant can mount a plausible defense when they are faced with an investigation.
Consequences of HIPAA Violations
HIPAA violations relate to:
• Breach of privacy in terms of PHI,
• Violation of the security rule for PHI residing in an electronic format,
• Lapses in notification
There are different categories of violations, as well as varying tiers of civil and criminal penalties, under HIPAA. Monetary penalties range from $100 to $50,000. In cases where a covered entity is known to have exercised reasonable diligence and wasn't aware of the breach, the penalty may range from $100 to $50,000 per violation. However, if 'wilful neglect' is determined, the penalty is $50,000, with an annual maximum of $1.5 million.
Criminal penalties are applicable in instances where PHI is released under false pretenses and for malicious reasons. Jail sentences range from 1 year to a decade.
Covered entities also face additional costs in dealing with HIPAA investigations, and in terms of breach notifications and corrective actions.
Now that you understand the significance of being HIPAA compliant, check to ensure that the compliance program you have in place is adequate. You can enlist the assistance of reputable healthcare attorneys Nelson Hardiman, of Los Angeles, CA, to provide oversight for the Compliance Program. Call 310-203-2800 now to speak to an attorney.