Unintentionally releasing the private information of clients and customers has costly repercussions for any organization. There are data privacy laws in place to protect consumers from the sharing, selling and accidental release of private information. Some laws are general, and some are industry-specific, such as the Security Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) which mandates industry-wide standards for proper management of healthcare information and electronic billing. HIPAA requires that all healthcare providers implement the appropriate administrative, physical and technical safeguards to keep the protected health information (PHI) of their patients safe and secure
Although HIPAA regulations have been in place for over 20 years, many organizations are still confused about HIPAA enforcement and compliance. The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) estimates that 70 percent of organizations are still not HIPAA compliant.
In the past, discovery of HIPAA violations was relatively low. Patients did not fully understand their rights under HIPAA and organizations who were not in compliance flew under the radar. However, as data breach news becomes more talked-about and patients are understanding much more about their own rights, the risk of HIPAA non-compliance being discovered and an organization being penalized for it is significantly higher. The OCR has made it easy for patients to file complaints about suspected HIPAA violations, and those complaints are thoroughly investigated.
How Much Does a HIPAA Violation Cost an Organization?
The penalties for noncompliance are based on the level of negligence decided upon and can range from $100 to $50,000 per record, with a maximum penalty of $1.5 million per year for violations of an identical provision. In the case of willful neglect, violations can even carry criminal charges that can result in jail time for the responsible parties. Organizations that did not know they were in violation and then make reasonable efforts to correct them usually receive lower fines. 2018 was an all-time record year in HIPAA enforcement activity with OCR issuing financial penalties in 11 cases, amounting to $28.7 million combined. OCR also achieved the single largest individual HIPAA settlement in history – $16 million from a case against Anthem, Inc. for multiple HIPAA violations.
A HIPAA violation is no longer just a simple mistake, and it’s not one that healthcare organizations can afford to make. Insurance agents can help protect their healthcare clients by offering healthcare facilities insurance programs that include risk analyses and management services that can increase HIPAA compliance and reduce the risk of complaints and violations.
About Connected Risk Solutions
At Connected Risk Solutions, we use our expertise and experience to provide insurance information and programs to those who serve long-term care and senior living facilities. Since 2007, we’ve been offering insurance and risk management plans designed to help our agents give their clients the ability to achieve continued growth while simultaneously protecting against loss, containing costs and increasing profitability. To learn more, contact us at (877) 890-9301.
