Compliance with HIPAA Regulations High on the Agenda as Fines Are Issued

Sep 4, 2014

In the wake of high-profile data breaches in recent months, in particular the breach of PHI across 209 hospitals run by CHS, compliance with HIPAA regulations is now high on the agenda, especially considering the large penalties being applied by the OCR.

Any data breach involving more than 500 people must be reported at both state and national levels, with the report launching an official review by the OCR. The investigation will look into how the data breach occurred and the measures and safeguards implemented to protect data. Fines are issued for any breaches which have arisen from failures to adhere to HIPAA guidelines.

However, data breaches on their own are not the only reason fines are applied. Compliance with HIPAA requires policies to be strictly implemented to ensure security risks are effectively dealt with. When an organization is reviewed, it is assessed against a standard to determine whether there has been willful neglect and whether a violation has occurred.

The absence of a thorough risk analysis is a violation of HIPAA regulations. If the risk analysis is carried out and data security issues are highlighted, all of those issues must be addressed quickly. If security concerns are not tackled, ePHI could be exposed, and the OCR will consider it a violation and is likely to issue a monetary penalty.

However, even without a data breach, a compliance review may be needed, and an organization can be selected for review in random audits. Compliance with all procedures will be assessed, and the OCR will apply a financial penalty for each procedural violation of HIPAA regulations found.

The right to submit a complaint belongs to any person who has reason to believe that regulations have been breached or that a covered entity or business associate “is not complying with the administrative simplification provisions.” If an individual submits a complaint, the HHS may conduct a compliance review.

Healthcare organizations and other HIPAA covered entities are therefore warned to take action on each privacy issue and not to wait for an OCR investigation. Noncompliance, including a failure to control documentation appropriately, is enough to earn a violation and a financial penalty for each compliance issue found. Ignoring HIPAA compliance issues can be a very costly error to make.


Ryan Coyne

Ryan Coyne is a results-driven leader in the healthcare compliance industry, specializing in regulatory compliance, compliance training, and assisting healthcare organizations and business associates in achieving and maintaining compliance. With a deep knowledge of healthcare regulations and a keen understanding of the challenges faced by the industry, Ryan has developed a reputation as a trusted advisor and advocate for ethical and compliant practices in healthcare. Ryan has successfully advised and guided numerous healthcare organizations, business associates, and healthcare professionals on achieving and maintaining compliance with regulatory training requirements. Ryan's professional focus is using his in-depth expertise and leading a world class team of subject matter experts at ComplianceJunction in regulatory compliance to help organisations navigate the complex landscape of ensuring staff adhere to healthcare regulations.
