HIPAA Alert: increased fines, audits and criminal indictments
With the transition to electronic health records, a great deal of attention is being placed on privacy breaches. One criminal case, which reflects more aggressive efforts by the government, may amplify legal risks for doctors and other “covered entities” for employee violations.
In the Eastern District of Arkansas, a former Northeast Arkansas Clinic employee recently plead guilty to “wrongfully disclosing a patient’s protected health information and using malicious intent.” (Amy Lynn Sorrel, Criminal HIPAA case targets employee, not clinic for breach, amednews.com). A U.S. Attorney, Jane W. Duke indicated, “[w]hat every HIPAA-covered entity needs to realize and reinforce to its employees is that the privacy provisions of HIPAA are serious and have significant consequences if they are violated.” Ibid. This extends to physicians, hospitals, insurers and employees.
Along similar lines, in a civil action, the federal government recently “assessed a multi-million dollar civil monetary penalty and entered into multiple resolution agreements with several covered entities for alleged HIPAA violations.” (HIPAA Enforcement Heats Up: Fines, Audits, Indictments and More Regulations (Nov. 15, 2011)). As set forth in the HITECH Act, the penalties now range from “$50,000 per day of violation and a $1.5 million annual cap for the same violation.” Ibid.
For providers, this means educating everyone on the legal and monetary ramifications of breaching HIPAA privacy standards and accessing medical records. The Health and Human Services -Office for Civil Rights is stepping up enforcement of HIPAA compliance and the penalties are significant. Therefore, entities need to review their compliance programs and integrity of medical records.
Posted on: under: Uncategorized