2018 turned out to be a year of record fines for HIPAA violations: over $25 million in fines, with the mean fine being just over $2.5 million. Could your medical entity bear that financial burden? Would it suffer irreparable harm from the adverse publicity? And just what violations did these healthcare entities commit to get scrutinized, investigated and penalized?
Since 2016, settlements and fines from the Department of Health and Human Services’ Office for Civil Rights (OCR) have risen substantially. Healthcare entities should expect that this trend may continue and remain committed to avoiding HIPAA security breaches, negligence and failure to follow long-standing policies.
2018 Review of OCR Settlements
Whether your business is a smaller, private entity or a large, public entity, OCR investigations are expensive and potentially damaging to your business’s reputation. Prevention is our best defense – don’t let these errors happen.
Don’t forget about your State’s Attorney General’s Office
Medical entities also saw a rise in fines and monetary penalties from state attorneys general. While the penalties are not always for HIPAA violations, they are still a distraction from your healthcare entity’s mission, requiring employees’ time and financial resources to defend against alleged violations of state laws and HIPAA. Some states have become more aggressive in enforcement of HIPAA violations. The Northeastern states – New Jersey, New York, Massachusetts, Connecticut and the District of Columbia – have stepped up their enforcement efforts along with Washington State (which has yet to announce a settlement amount with Aetna). Defendants in these actions include insurance companies, hospitals, medical groups and even a transcription company.
State settlement amounts have ranged from a low of $75,000 to a high of over $1,000,000.
Common sense and training along with competent managed IT services will help ensure that your business is at decreased risk of HIPAA fines and penalties.
The deeper your understanding of the scope of potential HIPAA violations, the less likely you’ll be guilty of violating patient privacy. The Department of Health and Human Services publishes OCR news and bulletins on its website. Details of every action are published on a timely basis, including a PDF of the resolution agreement.
Make it a point to review the OCR website on a monthly basis. This site will provide insight into the actionable behaviors that employees or departments may commit.
Many of these offenses seem obvious in retrospect. Ensure that every employee understands these simple violations.
Cybersecurity may be seen as a burdensome expense – protection of data is expensive, but it protects your business’s ability to recover in the event of a natural disaster or ransomware attack. Many of these settlements and penalties resulted from simple mistakes which would not have been costly to avoid. Be proactive and develop a plan to avoid expensive, avoidable HIPAA violations.