HIPAA just grew some teeth. Well, actually the teeth first started to show in 2009, when the Health Information Technology for Economic and Clinical Health (HITECH) Act was signed into law, but only in 2010 did that law take effect. HITECH was meant to promote the adoption and meaningful use of health information technology. With offices of all kinds making paper records a thing of the past, it was only fitting that the U.S. Department of Health & Human Services introduce a law that would ensure the privacy of individual health information in the electronic age. This HITECH subtitle of HIPAA can really bite those not properly dealing with the electronic transmission of health information; HITECH contains the provisions that strengthen the civil and criminal enforcement of the HIPAA rules.
Monetary fines under the HITECH Act can run anywhere from $100 for a single violation to a maximum of $1,500,000 for a calendar year's worth of violations. The fines are structured in tiers. Each tier is meant to punish violations based on an increasing level of culpability on the part of the offender; the penalty is decided based on the nature and extent of the violation and the nature and extent of the harm resulting from it. If you are one of the entities required to be HIPAA compliant (i.e., companies with a health care plan, health care clearinghouses, and health care providers, to name a few), you could be subject to civil (money) penalties, enforced by the Department of Health and Human Services, and/or criminal penalties, enforced by the U.S. Department of Justice.
The fines and the threat of imprisonment are major incentives for HIPAA-covered entities to get serious about protecting patient privacy information, but the reputation of a company, office, or facility should also be incentive enough. The last thing anyone wants is for their company or practice to make the evening news for improperly disposing of patient records or for being the cause of their employees' identities being stolen. However, it's those high fines that are really starting to make those of us mandated to be HIPAA compliant sweat. The high fines levied on HIPAA violators reflect the importance of safeguarding protected health information. Faced with the looming threat of steep fines for failing to meet HIPAA data breach requirements, the health service industry is seeking ways to make sure it is HIPAA compliant.
There are a host of methods by which a facility or company can ensure compliance. These range from hiring an attorney to guide you through compliance, to attending seminars, having a consultant visit your facility, or purchasing software or other compliance tools to guide you through the process. It would be a massive undertaking for any one person to sift through the HIPAA laws and administrative compliance procedures. I definitely recommend soliciting some sort of help. Just remember, whatever method is chosen, it is critical to make sure any staff dealing with patients or clients are trained in a uniform, facility-specific HIPAA compliance procedure. While the whole process may seem cumbersome, taking the time and making the investment to ensure HIPAA compliance is going to pay off if the Department of Health and Human Services or the Department of Justice ever decides to pay a visit.