1. THE LEGAL EAGLE JUNE 2016 POWERED BY: THE LEGAL TEAM Issue 2
KEEP YOUR EYE ON PHI IN THIS ISSUE
Did you know?
If an individual did not know (and by exercising
reasonable diligence would not have known) that
he/she violated HIPAA, it carries a minimum penalty
of $100 per violation with an annual maximum of
$25,000 for repeat violations and a maximum
penalty of $50,000 per violation with an annual
maximum of $1.5 million.
If there is a HIPAA violation due to reasonable cause
and not due to willful neglect, it carries a minimum
penalty of $1,000 per violation with an annual
maximum of $100,000 for repeat violators and a
maximum penalty of $50,000 per violation with an
annual maximum of $1.5 million.
If there is a HIPAA violation due to willful neglect but
the violation is corrected within the required time
period, there is a minimum penalty of $10,000 per
violation with an annual maximum of $250,000 for
repeat violations and a maximum penalty of
$50,000 per violation with an annual maximum of
$1.5 million.
If there is a HIPAA violation due to willful neglect,
and it is not corrected, there is a minimum penalty
of $50,000 per violation with an annual maximum of
$1.5 million and a maximum penalty of $50,000 per
violation with an annual maximum of $1.5 million.
Criminal Penalties
In June 2005, the U.S. Department of Justice (DOJ)
clarified who can be held criminally liable under
HIPAA. Covered entities and specified individuals, as
explained below, who "knowingly" obtain or disclose
individually identifiable health information in
violation of the Administrative Simplification
Regulations face a fine of up to $50,000, as well as
imprisonment up to one year. Offenses committed
under false pretenses allow penalties to be increased
to a $100,000 fine, with up to five years in prison.
Finally, offenses committed with the intent to sell,
transfer, or use individually identifiable health
information for commercial advantage, personal
gain or malicious harm permit fines of $250,000, and
imprisonment for up to ten years.
Knowingly
The DOJ interpreted the "knowingly" element of the
HIPAA statute for criminal liability as requiring only
knowledge of the actions that constitute an offense.
Specific knowledge of an action being in violation of
the HIPAA statute is not required.
Source: http://www.ama-assn.org/ama/pub/physician-resources/solutions-managing-your-practice/coding-billing-insurance/hipaahealth-insurance-portability-accountability-act/hipaa-violations-enforcement.page?
Don’t land in HIPAA Jail!
The U.S. Department of Health and Human Services
maintains a list of HIPAA Violators:
https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
I commit to:
Proofread my work
Be aware
Be attentive
Be observant
Stop and double check the intended recipient of any email before sending
HIPAA Violations and Enforcement
Name: Sierra Smith
Title: Senior Hospice Account Manager
Legal Eagle Q&A with the First Inductee into the HIPAA Hall of Fame
How long have you been with
ProCare?
5 years and 6 months.
QT or RaceTrac?
QT
If you could be any flavor of ice
cream, what would you be & why?
Chocolate with Pecans; I
love that flavor, and I am a
bit nutty!
Facebook or Twitter?
NEITHER!
Braves or Falcons?
BOTH!
Favorite Inspirational quote?
I have a few… not sure which
one to choose:
“And we know that all things
work together for good to them
that love God, to them who are
called according to his purpose.”
Romans 8:28
“When life knocks you down to
your knees, know that you’re in
the perfect position to pray.”
“One day your life will flash
before your eyes. Make sure it’s
worth watching...”
HIPAA Hero:
Do you have a co-worker who
consistently demonstrates
compliance, attention to detail,
precision and dedication to HIPAA?
Nominate them to be featured in
next month’s newsletter as the
HIPAA Hero! Submissions can be sent
to estewart@procarerx.com
OUR FIRST HIPAA Hero: MEET SIERRA SMITH
Leonard’s Legal Language Lesson
Would business associate contracts in electronic form, with an electronic signature, satisfy
the HIPAA Privacy Rule's business associate contract requirements?
Yes, assuming that the electronic contract satisfies the applicable requirements of State contract law. The
Privacy Rule generally allows for electronic documents, including business associate contracts, to qualify as
written documents for purposes of meeting the Rule’s requirements.
However, currently, no standards exist under HIPAA for electronic signatures. In the absence of specific
standards, covered entities must ensure any electronic signature used will result in a legally binding contract
under applicable State or other law.
Source: http://www.hhs.gov/hipaa/for-professionals/faq/247/are-business-associate-contracts-in-electronic-form-acceptable/index.html
LEONARD’S VOCABULARY CROSSWORD: