HIPAA Audits Mean Tougher Enforcement Is On Its Way
It’s hard not to notice the writing on the wall for organizations that handle patient health records. With fines and arrests on the rise and audit intensity and frequency increasing, HIPAA compliance is a serious matter for all covered entities. The failure to handle health records correctly can result in severe penalties.
John Edward Cipolla of Niagara Falls, Ontario, is facing a maximum sentence of 10 years behind bars if he’s found guilty of dumping medical records of patients treated at Avalon Centers Inc. Avalon Centers Inc. once treated people with eating disorders but is no longer in business. In addition to possible incarceration for his negligence, Cipolla could be fined $250,000 if found guilty.
Cases involving HIPAA violations are increasing, and breach enforcement against covered entities is gaining steam. Even more concerning for health care providers, random audits for HIPAA compliance will soon begin. 150 health care providers will be randomly selected and audited before the end of 2012. These audits will include “on-premise” visits from auditors to make a full evaluation of the business practices used to protect sensitive patient data and health records.
Although HIPAA regulations haven’t been strictly enforced and fines resulting from data breaches were rarely levied in the past, the upcoming audits change how healthcare providers view the importance of compliant record handling as set forth in HIPAA/HITECH. Until 2011, the U.S. Department of Health and Human Services (HHS) had received around 50,000 complaints but hadn’t levied a fine. The upcoming oversight indicates that the HIPAA audits will be tools for enforcement. If violations are found during the audits, negative action is expected.
With fines rising and audits and enforcement sure to increase, there is no better time than now for healthcare providers, including dentists, doctors, clinics, hospitals, nursing homes, psychologists, chiropractors and pharmacies, to make sure they’re HIPAA compliant. Instituting a HIPAA compliance checklist and learning the basics of HIPAA compliance offer a reliable route, built on ‘best practices’, that motivated organizations can follow. Appointing a HIPAA compliance officer who can help the culture of your organization meet regulation requirements is an important first step. If you’ve already been appointed in that capacity, finding out how to vastly increase the safety and security of your network and how your organization handles offline and electronic data is a must. Achieving HIPAA compliance is as much a mindset as it is a set of technical procedures that must be followed.
If you are responsible for security for your organization, please request a quote. Our Cloud email security solutions are a great choice for those who need to improve the security of their email transmissions to meet HIPAA compliance regulations.