
Where do you fall


Brief description of penalties in accordance with the Health Insurance Portability and Accountability Act (HIPAA)


  1. Where do you fall? HIPAA Civil Penalties Review. By Dr. Jose I. Delgado
  2. Health Insurance Portability and Accountability Act (HIPAA)
     • Signed into law in 1996
     • Protects patient information
     • Defines requirements for electronic records
     • Establishes mandatory fines for violations
  3. Title II – Preventing Health Care Fraud
     • Fraud and Abuse Program
     • Civil Monetary Penalties
     • Revisions to Criminal Law
  4. Monetary Penalties
     • Civil penalties – $100 for each violation of the law, to a limit of $1,500,000 per year for violations of the same requirement.
     • Criminal sanctions – $50,000 to $250,000 and one to ten years imprisonment.
  5. Data Breaches Penalty Structure – Civil Penalties
     Violation Type                  Each                 Repeat/year
     Did Not Know                    $100 – $50,000       $1,500,000
     Reasonable Cause                $1,000 – $50,000     $1,500,000
     Willful Neglect, Corrected      $10,000 – $50,000    $1,500,000
     Willful Neglect, Not Corrected  $50,000              $1,500,000
  6. Didn’t Know / Due Diligence
     • An organization is in violation, but it has taken every possible step it could have foreseen to prevent that.
       – Minimum fine: $100 per incident
       – Maximum fine: $50,000 per violation
  7. Reasonable Cause
     • The steps have been taken, but something was not addressed. For example, a company went into a HIPAA audit and provided a gap analysis, but something wasn’t addressed yet. The violation is due to reasonable cause and not willful neglect.
       – Minimum fine: $1,000 per incident
       – Maximum fine: $50,000 per violation
  8. Willful Neglect (Corrects Mistake)
     • The organization clearly ignores the HIPAA law but corrects its mistake within the given amount of time.
       – Minimum fine: $10,000 per incident
       – Maximum fine: $50,000 per violation
  9. Willful Neglect (Doesn’t Correct Mistake)
     • The organization ignores the HIPAA law and does not correct its mistake.
       – Minimum fine: $50,000 per incident
       – Maximum fine: $50,000 per incident
  10. Brief Self Analysis (answer Yes or No for each requirement)
     1. Conducted Privacy Gap Analysis
     2. Conducted Security Gap Analysis
     3. Corrected deficiencies identified in Gap Analysis
     4. Conducted Risk Assessment
     5. Corrected deficiencies identified in Risk Analysis
     6. Trained employees
     7. Have Policies and Procedures, and they have been updated
     8. Have Business Associate Agreements, and the same have been updated in accordance with the Omnibus Rule
     9. Has a designated Privacy Officer and proof of actions for this position
     10. Has a designated Security Officer and proof of actions for this position
  11. Self-Analysis Results
     • Any No answer may result in fines
     • Self Analysis covers less than 1% of requirements
     • Ignorance of the law is no excuse!!!
  12. Criminal Penalties
     • Separate from Civil Penalties
     • May be in addition to the Civil Penalties
     • Responsibility of the Department of Justice
     • Misuse of health information can be fined up to $250,000 and up to 10 years of imprisonment
  13. Recommendations
     • If you are going to play, learn the rules
     • In case of doubt, look for assistance
     • I know where I fall; do you?
     www.TainoConsultants.com – Taino Consultants Inc. – Dr. Jose I. Delgado