HIPAA Assessment

HIPAA Penalties and Enforcement

Civil penalties include fines of up to $1.5 million per violation, and additional fines can be applied if the violator fails to cooperate with investigators. Civil enforcement of HIPAA is administered by the HHS Office for Civil Rights (OCR).

Criminal penalties apply to the intentional misuse of health information for commercial or personal gain, or intentional harm. Criminal penalties can include fines and imprisonment for up to 10 years. Criminal enforcement of HIPAA is conducted by the U.S. Department of Justice (DOJ).

When first enacted, HIPAA did not include funding for enforcement, but the recently passed HITECH Act provided significant funding for audits and breach investigations. These changes have created a stricter regulatory environment, resulting in many more investigations and penalties. Failure to comply with HIPAA has cost healthcare organizations millions of dollars in fines.

There are more than 2,700,000 individual organizations that are required by law to conduct a HIPAA Risk Assessment, including:

  • Hospitals
  • Urgent Care Clinics
  • Dental Offices
  • Nursing Homes
  • Behavioral Health Facilities
  • Diagnostic Labs
  • Correctional Facilities
  • Pharmacies
  • IT Service Providers
  • Shredding Companies
  • Document Storage Companies
  • Attorneys
  • Accountants
  • Collection Agencies
  • EMR companies
  • Data Centers, Online Backup companies and Cloud vendors
  • Insurance Agents
  • Revenue Cycle Management vendors
  • Contract Transcriptionists

Every business associate and all of their sub-contractors must have proof of a Risk Analysis under the law.

We generate the official documents that comprise a comprehensive HIPAA IT assessment, including: HIPAA Policy and Procedures, HIPAA Risk Analysis, HIPAA Management Plan, Evidence of HIPAA Compliance and all of the associated supporting documentation.

We support the achievement of Meaningful Use in the implementation of Electronic Health Records (EHR).

Healthcare providers receive direct financial incentives for early EHR adoption and Meaningful Use against a series of established deadlines. Incentive programs are overseen by the Centers for Medicare & Medicaid Services.

Call us today to speak with our HIPAA SECURITY PROFESSIONAL about a risk analysis!