Privacy is a big topic these days, especially when technology like the internet has made life easier for doctors and patients by streamlining medical care experiences. The problem with making areas of our lives more connected is that there are more ways that sensitive information can get out, creating a big privacy concern for patients who want to keep their private information private. HIPAA regulations were created to make sure that your sensitive data is protected. This blog is a look at how these laws have changed since the creation of the act in 1996. [i]
- Unknowingly Violating HIPAA
The minimum fine was increased to $110 from $100 per violation. The maximum fine was increased to $55,010 from $50,000 per violation.
- Reasonable Cause
The minimum fine for reasonable cause but not willful neglect went from $10,000 to $11,002. The maximum was $50,000 but was increased to $55,010.
- Willful Neglect that Wasn’t Corrected within 30 Days
The minimum fine of $50,000 was increased to $55,010. Its maximum fine increased from $1,500,000 to $1,650,300.
More Frequent Investigations
To sum up the process: once a violation complaint is filed with the OCR and an investigation occurs, the defendant is notified of any violations. As long as the violations were not caused by willful neglect, the organization under investigation is then given 30 days to remedy the situation.
Additionally, audits (which are different from the investigations mentioned above) are now in effect to ensure that covered entities are in compliance with all HIPAA rules. Typically, the OCR will send out notifications to an organization prior to an audit, and businesses are selected based on questionnaires sent out. If there are any compliance issues, the OCR will start a compliance review to take a closer look at the issue and determine the next steps.
Better Defined Regulations
Under these new rules, covered entities need to (among other things):
- Train staff for compliance
- Update privacy policies
- Update/issue new Business Associate Agreements
- Update Privacy Practices notices
- Perform proper risk assessments