Compliance with HIPAA Regulations High on the Agenda as Fines Issued

Sep 4, 2014

In the wake of high-profile data breaches in recent months, in particular the breach of PHI across 209 hospitals run by CHS, compliance with HIPAA regulations is now high on the agenda, especially considering the large penalties being applied by the OCR.

Any data breach involving more than 500 people must be reported at both state and national levels, with the report launching an official review by the OCR. The investigation will look into how the data breach occurred and the measures and safeguards implemented to protect data. Fines are issued for any breaches which have arisen from failures to adhere to HIPAA guidelines.

However, data breaches on their own are not the only reason for fines being applied. Compliance with HIPAA requires policies to be strictly implemented to ensure security risks are effectively dealt with. When an organization is reviewed, it is assessed against a standard to determine whether there has been willful neglect and whether a violation has occurred.

The absence of a thorough risk analysis is a violation of HIPAA regulations. If the risk analysis is carried out and data security issues are highlighted, all of those issues must be addressed quickly. If security concerns are not tackled, ePHI could be exposed, and the OCR will consider it a violation and is likely to issue a monetary penalty.

However, even without a data breach, a compliance review may be needed, and an organization can be selected for review in random audits. Compliance with all procedures will be assessed, and the OCR will apply a financial penalty for each procedural violation of HIPAA regulations found.

The right to submit a complaint belongs to any person who has reason to believe that regulations have been breached or that a covered entity or business associate “is not complying with the administrative simplification provisions”. If an individual submits a complaint, the HHS may conduct a compliance review.

Healthcare organizations and other HIPAA covered entities are therefore warned to take action on each privacy issue and not to wait for the OCR investigation. Non-compliance, including a failure to control documentation appropriately, is enough to earn a violation and financial penalty for each compliance issue found. Ignoring HIPAA compliance issues can be a very costly error to make.


Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelor's degree is from the University of Limerick and his master's degree in journalism is from Dublin City University.
