The Who and How of HIPAA Enforcement
Whenever we talk about the Health Insurance Portability and Accountability Act (HIPAA), it is always assumed that there is an enforcement aspect, though enforcement is rarely clearly discussed.
With HIPAA enforcement, healthcare organizations protect, safeguard and secure the personal healthcare details and health records of their customers (members, patients, and consumers). The best thing about HIPAA compliance is that healthcare organizations face heavy fines and other penalties if they violate the codes and standards set by the Health Insurance Portability and Accountability Act.
The rules for HIPAA are set by HHS. Enforcement of HIPAA is carried out by the Office of Civil Rights (OCR) within HHS, which is also responsible for investigating complaints. It is the duty of OCR to check and investigate whether healthcare organizations and the business associates of covered entities operate in compliance with HIPAA. It is recommended that all organizations comply with the HIPAA Security and Privacy Rules. An investigation checks whether or not the healthcare organization is in violation of HIPAA rules. If the organization is not violating the rules, the findings are documented and the case is closed.
Recently, the Office of Civil Rights issued a report stating that HIPAA Security Rule violations accounted for the majority, or 60%, of violations, followed by HIPAA Privacy Rule violations.
If the Office of Civil Rights finds an institution that violates HIPAA compliance, OCR takes the following actions:
- Voluntary compliance;
- Corrective action; and/or
- Resolution agreement.
HIPAA attaches many financial penalties to violations. The current financial penalties are listed below. Prior to these new rules, the fine imposed on violators was capped at $25,000. This number is now $1.5 million per violation.