HIPAA Final Rule Raises Fines for Non-Compliance
Increased penalties for noncompliance
HHS made official in the omnibus rule increased civil monetary penalties ranging from $100 in the "did not know" category to $1.5 million in the "not corrected" category.
The factors that will be considered when determining civil money penalties for non-compliance have expanded significantly, says Rebecca Herold, CISSP, CIPP/US/IT, CISM, CISA, FLMI, partner in Compliance Helper and CEO of The Privacy Professor of Des Moines, IA.
"To date, the factors really only involved the implementation of controls, as required by HIPAA, and any levels of 'willful neglect' involved in the associated situations," Herold says. "So pretty much the sanctions applied were based upon the preventive actions that were in place, or lacking. Now there are significant additional considerations: the impacts of the breach will be considered."
What will HHS review in terms of the extent of breaches in the new omnibus rule?
- Number of individuals affected
- Time period during which the violation occurred
- Nature and extent of the harm resulting from the violation, consideration of which may include but is not limited to:
- Whether the violation caused physical harm
- Whether the violation resulted in financial harm
- Whether the violation resulted in harm to an individual's reputation
- Whether the violation hindered an individual's ability to obtain healthcare
"I find the consideration of harm to an individual's reputation to be of particular interest, since that has been comparatively hard to prove in past court cases," Herold says. "However, this particularly points to the need to keep patient information off social media sites, since that has been a source of many breaches involving patient information."
- CVS Ramps Up Retail Clinics with Provider Affiliations
- 4 Tectonic Shifts Shaking Up Healthcare
- Contradictory Obamacare Rulings Issued by Appellate Courts
- Drug Pricing 'Tantamount to Greed,' Lawmaker Says
- Study Puts Spotlight on Preventing Fall-Related Injuries
- As HIPAA Breaches Accelerate, Tools Lag
- Wanted: Nurse PhDs
- Roundtable: Life After a Healthcare Organization Acquisition
- The Infection-Busting Treatment Payers Don’t Want to Talk About
- Medical Errors Third Leading Cause of Death, Senators Told