HIPAA Final Rule Raises Fines for Non-Compliance
Increased penalties for noncompliance
HHS made official in the omnibus rule increased civil monetary penalties ranging from $100 in the "did not know" category to $1.5 million in the "not corrected" category.
The factors that will be considered when determining civil money penalties for non-compliance have expanded significantly, says Rebecca Herold, CISSP, CIPP/US/IT, CISM, CISA, FLMI, partner in Compliance Helper and CEO of The Privacy Professor of Des Moines, IA.
"To date, the factors really only involved the implementation of controls, as required by HIPAA, and any levels of 'willful neglect' involved in the associated situations," Herold says. "So pretty much the sanctions applied were based upon the preventive actions that were in place, or lacking. Now there are significant additional considerations: the impacts of the breach will be considered."
What will HHS review in terms of the extent of breaches in the new omnibus rule?
- Number of individuals affected
- Time period during which the violation occurred
- Nature and extent of the harm resulting from the violation, consideration of which may include but is not limited to:
- Whether the violation caused physical harm
- Whether the violation resulted in financial harm
- Whether the violation resulted in harm to an individual's reputation
- Whether the violation hindered an individual's ability to obtain healthcare
"I find the consideration of harm to an individual's reputation to be of particular interest, since that has been comparatively hard to prove in past court cases," Herold says. "However, this particularly points to the need to keep patient information off social media sites, since that has been a source of many breaches involving patient information."
- Antibiotic Overuse a 'Huge Threat' to Patient Safety, Says CDC
- CFO Exchange: Smartphones Poised to Disrupt Healthcare, Says Topol
- Consumerism Drives Healthcare Branding, Rebranding Efforts
- 3 Traits Personality Assessments Can't Reveal
- PA Ranks See 'Phenomenal Growth,' Lack of Diversity
- CHS Hacked, 4.5M Patient Records Compromised
- Business Roundup: M&A Activity Down Slightly in First Half of 2014
- CFO Exchange: Healthcare Leaders Share 5 Innovative Ideas
- Large Employers Trimming Healthcare Spending
- Carondelet to Pay $35M to Settle Fraud Allegations