HIPAA and HITECH Compliance

The Health Insurance Portability and Accountability Act (HIPAA) was passed on August 21, 1996, with the goal of making health care more efficient and accessible. However, most providers (and the public in general) are most familiar with HIPAA's administrative simplification provisions. One of the primary purposes of those provisions was the creation of privacy standards for protected health information (PHI).

HIPAA and its associated rules create a complex web of regulations that virtually all health care providers must be aware of and comply with. The most recent rules expand the reach of HIPAA beyond providers, require reporting of “breaches” of PHI, and increase penalties for non-compliance. These penalties include significant civil money penalties, up to 1.5 million dollars, and possible criminal penalties.

For most of HIPAA’s first 17 years, enforcement was fairly limited and relied on complaints to initiate investigations. However, this has changed radically in recent years, which have seen an exponential increase in enforcement.

Recent security failures at major retailers such as Target and Home Depot, and at financial institutions such as Chase, demonstrate how vulnerable technology is. Health care providers must take precautions to protect the confidential information of patients, or they will likely suffer severe penalties when a data breach occurs. As recent enforcement actions prove, even inadvertent privacy breaches can result in severe financial penalties for Covered Entities.

At Frier Levitt, we have experience with the development and implementation of comprehensive HIPAA compliance plans, data breach analysis and reporting, and the annual training required for physicians and staff. We are well positioned to assist our clients in remaining compliant with HIPAA. Contact us to speak to an attorney.