Are You Ready for the Next HIPAA Compliance Audits

Published on January 2017

Are You Ready For The Next HIPAA Compliance Audits?
http://www.medicalbilling4u.com/company/blog/entry/are-you-ready-for-the-next-hipaa-compliance-audits.html
Physician practices, both new and experienced, need to be ready this fall for a new round of HIPAA compliance audits. The Office for Civil Rights at the US Department of Health and Human Services, which is already involved in complaint investigations stemming from the new HIPAA rules, will start their round of HIPAA audits to determine if physician practices are compliant with these new HIPAA rules.
Be warned, as the fines for violations of HIPAA regulations can hit $1.5 million or more according to the American Medical Association, and all practices need to ensure that they are deploying every available resource toward being HIPAA compliant, and to ensure that they violate no HIPAA regulations.
From the AMA Website:

Failure to comply with HIPAA can result in civil and criminal penalties (42 USC § 1320d-5).
Civil Penalties
The "American Recovery and Reinvestment Act of 2009" (ARRA) that was signed into law on February 17, 2009, established a tiered civil penalty structure for HIPAA violations (see below). The Secretary of the Department of Health and Human Services (HHS) still has discretion in determining the amount of the penalty based on the nature and extent of the violation and the nature and extent of the harm resulting from the violation. The Secretary is still prohibited from imposing civil penalties (except in cases of willful neglect) if the violation is corrected within 30 days (this time period may be extended).
HIPAA Violation | Minimum Penalty | Maximum Penalty
Individual did not know (and by exercising reasonable diligence would not have known) that he/she violated HIPAA | $100 per violation, with an annual maximum of $25,000 for repeat violations (Note: maximum that can be imposed by State Attorneys General regardless of the type of violation) | $50,000 per violation, with an annual maximum of $1.5 million
HIPAA violation due to reasonable cause and not due to willful neglect | $1,000 per violation, with an annual maximum of $100,000 for repeat violations | $50,000 per violation, with an annual maximum of $1.5 million
HIPAA violation due to willful neglect but violation is corrected within the required time period | $10,000 per violation, with an annual maximum of $250,000 for repeat violations | $50,000 per violation, with an annual maximum of $1.5 million
HIPAA violation is due to willful neglect and is not corrected | $50,000 per violation, with an annual maximum of $1.5 million | $50,000 per violation, with an annual maximum of $1.5 million
Criminal Penalties
In June 2005, the U.S. Department of Justice (DOJ) clarified who can be held criminally liable under HIPAA. Covered entities and specified individuals, as explained below, who "knowingly" obtain or disclose individually identifiable health information in violation of the Administrative Simplification Regulations face a fine of up to $50,000, as well as imprisonment up to one year. Offenses committed under false pretenses allow penalties to be increased to a $100,000 fine, with up to five years in prison. Finally, offenses committed with the intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain or malicious harm permit fines of $250,000, and imprisonment for up to ten years.
Covered Entity and Specified Individuals
The DOJ concluded that the criminal penalties for a violation of HIPAA are directly applicable to covered entities, including health plans, health care clearinghouses, health care providers who transmit claims in electronic form, and Medicare prescription drug card sponsors. Individuals such as directors, employees, or officers of the covered entity, where the covered entity is not an individual, may also be directly criminally liable under HIPAA in accordance with principles of "corporate criminal liability." Where an individual of a covered entity is not directly liable under HIPAA, they can still be charged with conspiracy or aiding and abetting.
Knowingly
The DOJ interpreted the "knowingly" element of the HIPAA statute for criminal liability as requiring only knowledge of the actions that constitute an offense. Specific knowledge of an action being in violation of the HIPAA statute is not required.
Exclusion
The Department of Health and Human Services (DHHS) has the authority to exclude from participation in Medicare any covered entity that was not compliant with the transaction and code set standards by October 16, 2003 (where an extension was obtained and the covered entity is not small) (68 FR 48805).
Enforcing Agencies
The DHHS Office of Civil Rights (OCR) enforces the privacy standards, while the Centers for Medicare & Medicaid (CMS) enforces both the transaction and code set standards and the security standards (65 FR 18895). Enforcement of the civil monetary provisions has not yet been tasked to an agency.
Please refer to the AMA's FAQs on the privacy regulations for additional information on enforcement of the privacy standards.
No Private Cause of Action
While HIPAA protects the health information of individuals, it does not create a private cause of action for those aggrieved (65 FR 82566). State law, however, may provide other theories of liability.


The best way to help ensure compliance is to start with a qualified Medical Billing company, and entrust your practice's private information to a top quality Electronic Health Records system. Medical Billing Solutions, Inc. has been in operation since 1998, and has developed a reputation from their clients as a customer service oriented, very thorough medical billing company. Their dedication to detail led them to use Optum Practice Management, and Optum Electronic Medical Record software for their customers. To learn more about this software and how it can help manage your physician practice, and how Medical Billing Solutions, Inc. can help get your practice paid more, faster, visit www.medicalbilling4u.com today, and call 888-810-0098 to get a free quote on their services.
