HIPAA Compliance Risks are Real

The procedures built into our RecordJacket.com™ system and the HIPAA knowledge support that we provide to our customers minimize the substantial HIPAA compliance risks faced by providers.

Civil fines under HIPAA for record disclosure violations start at up to $100 per violation, with a yearly cap of $25,000 for all violations of an identical disclosure requirement or prohibition. Criminal penalties range from a maximum of $50,000 and one year in jail for the lowest level of criminal conduct to as much as $250,000 and ten years in jail for egregious violations.

While the government has not been imposing fines to date, it is reviewing thousands of complaints and has referred more than 200 cases to the United States Department of Justice for consideration as possible criminal matters. A lengthy mid-2005 memorandum from the Justice Department noted that the Department might prosecute individual officers of health care entities as well as the entities themselves. Such cases would be brought under “general principles of corporate criminal liability,” which means that corporate officers could be liable for actions taken by others in their companies even if they were not directly aware of what happened.

Adding to the enforcement pressures on federal regulators are patient advocacy groups. Their calls for more focus on protecting medical and other sensitive personal information have grown louder following several well-publicized data security breaches over the last few years.

Poor HIPAA compliance practices may also have unpleasant and unintended consequences for providers in other contexts, such as malpractice suits. HIPAA does not allow patients to sue providers directly for alleged disclosure violations – such allegations can go only to the federal regulators for review – but claims that improper disclosure decisions contributed to damages in other contexts are starting to appear.

We have found that about 10 percent of the requests from third parties that we process on behalf of our customers have something in them that is cause for concern and that requires additional investigation or supervisory review. About half of those requests, or five percent of the total, are not HIPAA-compliant and have to be rejected or returned to the requestors for further clarification. Prior to our involvement with our customers, many of these requests were fulfilled without the additional review that they are now receiving through our service.

HIPAA’s potential civil and criminal liabilities are very real. Providers need to be aware of how well they are performing under the rules and need to take the kind of steps that we provide through RecordJacket.com™ to be sure that they stay compliant.