Business Associates Can Pay Directly for Breaches
Business associates can be directly liable for a breach of unsecure protected health information (PHI) and could have to pay OCR directly, a top OCR official told HealthLeaders Media at the 18th Annual National HIPAA Summit Wednesday afternoon.
HealthLeaders Media asked Sue McAndrew, deputy director for Health Information Privacy for OCR, if a business associate could end up paying out of its own pocket for a breach.
The answer is yes.
"Business associates going forward will be directly liable for violations that occur in their possession," McAndrew said. "The fines would be imposed upon the BA, and if they can't pay, we send them to jail."
McAndrew laughed at the line about "jail," and said it was in jest.
However, she went on to say OCR would consider waiving—or decreasing—some of the penalties after an assessment of the financial state of a violating hospital. She also said that the "settlement door is always open."
On Wednesday, McAndrews also released breach numbers for the month of January:
- As of January 2010, there have been 35 reports of breaches affecting 500-plus individuals, resulting in 712,000 notices.
- Most of the reports were ePHI contained in lost or stolen unencrypted media or portable device.
- There were more than 300 reports of smaller breaches.
- Most of the paper records were sent to wrong fax numbers, wrong addresses, and wrong individuals.
Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.
- Antibiotic Overuse a 'Huge Threat' to Patient Safety, Says CDC
- 3 Traits Personality Assessments Can't Reveal
- Consumerism Drives Healthcare Branding, Rebranding Efforts
- CHS Hacked, 4.5M Patient Records Compromised
- PA Ranks See 'Phenomenal Growth,' Lack of Diversity
- Business Roundup: M&A Activity Down Slightly in First Half of 2014
- CFO Exchange: Healthcare Leaders Share 5 Innovative Ideas
- CFO Exchange: Smartphones Poised to Disrupt Healthcare, Says Topol
- Large Employers Trimming Healthcare Spending
- 3 Things the Ice Bucket Challenge Can Teach Hospital Marketers