Noncompliance with HIPAA can be costly for healthcare organizations, yet even though the fines for HIPAA violations can be substantial, many healthcare organizations have weak compliance programs and are violating several aspects of the HIPAA Rules.
The Department of Health and Human Services' OCR started the much delayed second phase of HIPAA compliance audits last year with a series of desk audits, first of healthcare organizations and then of the business associates of covered entities.
Those desk audits revealed that many healthcare organizations are either struggling with HIPAA compliance or are simply not doing enough to ensure the HIPAA Rules are followed.
The preliminary results of the desk audits, released by OCR in September, indicated that healthcare organizations' compliance efforts were mostly inadequate. 94% of organizations had inadequate risk management policies, 89% were rated inadequate on patients' right to access their Protected Health Information, and 83% had performed inadequate risk analyses. It would seem that for many healthcare organizations, little has changed since the first phase of compliance audits was carried out in 2011/2012. Noncompliance with HIPAA is still common.
Some years ago, the risk of a HIPAA violation being discovered was comparatively low. Even when HIPAA violations were found, OCR rarely imposed financial penalties. Similarly, although the HITECH Act allows state attorneys general to impose penalties for HIPAA violations, comparatively few have exercised that right.
Today, the risk of HIPAA violations being discovered is considerably higher. Patients are now much more aware of their rights under HIPAA, and OCR has made it simple for them to file complaints about suspected HIPAA violations. OCR investigates HIPAA complaints.
The increase in cyberattacks on healthcare organizations means data breaches are now far more likely to occur. A recent HIMSS Analytics/Mimecast study showed that 78% of healthcare organizations have experienced a malware or ransomware attack in the past 12 months, while an Accenture/AMA report showed that 83% of physicians have experienced a cyberattack.
OCR investigates all breaches of more than 500 records to determine whether the HIPAA Rules have been followed. When a breach occurs, the organization's HIPAA compliance program will be scrutinized.
OCR has also changed its enforcement of the HIPAA Rules, and financial penalties are now far more common. Since January 1, 2016, 20 settlements have been reached between OCR and HIPAA covered entities and their business associates, and 2 civil monetary penalties have been imposed.
OCR has not yet stated whether financial penalties will be pursued as a result of the HIPAA audits; however, OCR is not expected to ignore major HIPAA failures. Serious violations of the HIPAA Rules may well see financial penalties pursued.
The higher probability of a data breach occurring or a complaint being filed means noncompliance with HIPAA is likely to be discovered. But what are the costs of noncompliance with HIPAA? What are the incentives for ensuring all HIPAA Rules are followed?