What is HIPAA?

HIPAA, the Health Insurance Portability and Accountability Act, was passed by Congress in 1996 and signed into law by President Bill Clinton.

When the act was introduced, its purpose was to ensure that employees would continue to receive health insurance coverage while between jobs. With HIPAA came many requirements for healthcare providers, health plans, healthcare clearinghouses, and business associates of HIPAA-covered entities, intended to protect the Protected Health Information (PHI) of patients.

Beyond that, it also helped improve the effectiveness of the healthcare system and the protection of patient data.

Who Enforces HIPAA?

The Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) enforces HIPAA compliance. OCR is considered an arm of HHS.

With the introduction of the Enforcement Final Rule of 2006, OCR gained the authority to impose monetary penalties on healthcare agencies and organizations that fail to comply with HIPAA.

Covered entities subject to HIPAA enforcement range from small doctors' offices to insurance companies and hospitals. To date, OCR has received reports of over 190,000 violations and has successfully resolved around 98% of them.

HIPAA Violation Penalty Structure

OCR considers many factors when deciding fines and penalties against covered entities, including the period over which the violation took place, the total number of individuals affected by the violation, the type of data leaked, the financial means of the organization, and how much damage the breach caused.

OCR also considers how seriously the organization assisted with the investigation.

Penalties for HIPAA violations

OCR imposes different penalties for different types of violation; these penalties and fines are categorized as follows.

  • HIPAA violation: reasonable cause. Minimum fine of $1,000 per violation, up to $50,000.
  • HIPAA violation: willful neglect, but the violation is corrected within the required time period. Minimum fine of $10,000 per violation, up to $50,000.
  • HIPAA violation: willful neglect that is not corrected within the required time period. Minimum fine of $50,000 per violation, up to $1.5 million.