The Health Insurance Portability and Accountability Act (HIPAA), enacted in 1996, was designed to improve the efficiency and accessibility of healthcare. While HIPAA covers a wide range of issues, most providers and the public know it best for its privacy and security standards governing protected health information (PHI). These standards are known as the administrative simplification provisions of HIPAA.
Today, HIPAA and its related rules form a complex regulatory framework that extends beyond healthcare providers to business associates and other entities handling PHI. These rules require “breach” reporting, mandate safeguards to protect patient information, and impose significant penalties for non-compliance, including civil fines that can exceed 1.5 million dollars and, in some cases, criminal liability.
Enforcement has also shifted dramatically. For HIPAA’s first decade and a half, investigations were primarily complaint-driven. In recent years, however, federal regulators have taken a far more proactive approach, with enforcement activity increasing exponentially.
At Frier Levitt, we guide healthcare providers, technology companies, and related stakeholders through the complexities of HIPAA compliance. Our team helps clients mitigate risk, respond to enforcement actions, and develop proactive strategies to stay ahead of evolving regulatory requirements.
Recent security failures at major organizations and small practice groups alike, such as Cerebral, Inc. and Solara Medical Supplies, breaches against individual practices such as a Florida pain management clinic, and breaches suffered by health systems and insurers through cyber-attacks all demonstrate the vulnerability of technology. Health care providers must take precautions to protect the confidential information of patients, or they will likely suffer severe penalties when a data breach occurs. As recent enforcement actions prove, even inadvertent privacy breaches can result in severe financial penalties.
At Frier Levitt, we assist our clients with the development and implementation of comprehensive HIPAA compliance plans, data breach analysis and reporting in compliance with the Breach Notification Rule, risk assessments, and required annual training for physicians and staff. We are well-positioned to help our clients analyze their current business practices to determine the applicability of HIPAA and to recommend steps that the organization may take to move towards compliance.
How Frier Levitt Can Help
Frier Levitt provides strategic, industry-focused legal counsel tailored to your needs. Contact our team today to learn how we can help you.