HIPAA Fines Enforced
September 23rd, 2013, fines will be strictly enforced via Omnibus Rule.
United States Department of Health & Human Services put the responsibility on covered entities to ensure business associates are HIPAA compliant.
As of September 23rd 2013, the Department of Health & Human Services Civil Division began enforcing the Omnibus rule which expands the scope and depth of HIPAA / HITECH violations and penalties enacted from April 20th, 2005, as well as the HITECH ACT effective as of November 30th, 2010. These acts carry serious violation penalties that many healthcare organizations as well as their business associates, such as answering services and call centers, may be violating on a daily basis, many without fully understanding the requirements and breach ramifications. PatientCalls.com takes HIPAA / HITECH compliance seriously.
You must ensure that your own internal communications and current answering service or call center is compliant. Here is a quick start to your internal audit.
- Secure emails & SMS texts
- Business Associate Agreements in place
- Documented HIPAA Compliancy Officer
- HIPAA Breach Notification Procedure
- Storage & Security of all Personal Health Information (PHI)
Each violation can introduce fines from $100 per violation up to an annual maximum of $1.5 million dollars. The Department of Health & Human Services has begun to enforce existing HIPAA / HITECH laws by imposing drastic and maximum penalties in order to force global compliance.
See the information below about the plans of the HHS fines and penalty enforcement. From the American Medical Association’s website.
| HIPAA Violation | Minimum Penalty | Maximum Penalty |
| Individual did not know (and by exercising reasonable diligence would not have known) that he/she violated HIPAA | $100 per violation, with an annual maximum of $25,000 for repeat violations (Note: maximum that can be imposed by State Attorneys General regardless of the type of violation) | $50,000 per violation, with an annual maximum of $1.5 million |
| HIPAA violation due to reasonable cause and not due to willful neglect | $1,000 per violation, with an annual maximum of $100,000 for repeat violations | $50,000 per violation, with an annual maximum of $1.5 million |
| HIPAA violation due to willful neglect but violation is corrected within the required time period | $10,000 per violation, with an annual maximum of $250,000 for repeat violations | $50,000 per violation, with an annual maximum of $1.5 million |
| HIPAA violation is due to willful neglect and is not corrected | $50,000 per violation, with an annual maximum of $1.5 million | $50,000 per violation, with an annual maximum of $1.5 million |