The HIPAA enforcement agency, the Office of Civil Rights, has resolved 96% of its cases this year! That means that if a complaint is opened, they see it through.
The sad truth is that roughly 40% of clinics hit with HIPAA violations shut down.
And according to recent studies, only 74% of practices believe they have proper protections in place to prevent unauthorized viewing of PHI.
The big issue facing practices is the Security Rule. This is the one that gets violated when data is lost or stolen.
With 1 in 4 offices not having the proper safeguards in place to prevent HIPAA violations, it becomes an expensive problem for everyone.
MD Anderson Cancer Center in Houston was just cited with $4.3MM in fines for having 3 unencrypted devices.
The current limit for HIPAA fines is $1.5 million per year, or $50,000 per instance on an identical violation, but fines can jump higher if “willful neglect” is proven, which it was in the MD Anderson case.
The worse news is that if OCR finds it was a willful act, meaning you knew it was a violation but let it happen anyway, jail time can be added: 1 year for not knowing, and up to 10 years if you knowingly sell patient information.
As daunting as maintaining compliance seems, it can be easy to keep within HIPAA standards at your organization.