What HIPAA Violations Mean for Your Physical Therapy Practice

The Health Insurance Portability and Accountability Act (HIPAA) has been protecting the privacy and security of certain health information for Americans everywhere since its implementation in 1996. Despite its intentions, concern about individuals’ health information persists as our healthcare system becomes increasingly digitized.


Do you know how this affects your physical therapy clinic? Let’s review:


The Consequences of HIPAA Violations

The severity of the consequence depends on the severity of the violation itself. These incidents can result in penalties costing your practice thousands or even millions of dollars in fines, not to mention a loss in credibility, reputation, and patients. With all violations, there are also the costs associated with civil and criminal investigations. Needless to say, the best thing for your practice is to know how to avoid any type of HIPAA breach.


According to Joette Derricks’ Security Risk Assessment for Small Practices: Tools and Case Studies, HIPAA violations and their resulting ramifications can be divided into four categories.


  1. An individual did not know and would not have known based on reasonable diligence that they violated HIPAA. This violation carries the most minor repercussion, with minimum penalties of $100 per violation and an annual maximum of $25,000 for repeated violations.
  2. An individual violated HIPAA with reasonable cause rather than through willful neglect. The minimum penalty per violation increases dramatically, costing your practice $1,000 per violation or a maximum of $100,000 annually.
  3. An individual exhibited willful neglect but corrected the violation quickly. At $10,000 for every violation or $250,000 for repeat violations, it’s clear that intent to disregard HIPAA increases the fines dramatically.
  4. An individual willfully neglected patients’ rights and did not correct the situation. The minimum penalty for this situation is also the maximum fine for a HIPAA violation in any of the situations listed. If a practice does not correct the situation, it can expect to forfeit $50,000 per violation or an annual maximum of $1.5 million.



It should be noted, however, that the most costly consequence may actually be the inability to recover from such an incident. When a practice is penalized for violating HIPAA and has, therefore, disregarded a patient’s rights to privacy regarding their personal health information, current and prospective patients may choose to seek care elsewhere where they believe their fundamental rights will be respected.



If you have concerns about your practice’s compliance with HIPAA, we have the resources you need to remain compliant. For more information on HIPAA violations, security risk analysis, and more, reach out to us at (713) 899-9812 or visit our website today!

How to Properly Handle an Employee’s Sick Leave


Employees are the key to any business’s success, so when an employee comes to you and reveals that they are struggling with an illness and need sick leave, you need to react quickly and clearly to keep your business afloat.


Here are the steps every business owner should follow when an employee requests sick leave.


Know The Law

Although the federal government does not have any regulations guaranteeing paid sick leave, the Family and Medical Leave Act of 1993 does declare that business owners who have more than 50 employees on staff must offer unpaid sick leave to individuals who have been with the company for longer than 12 months.


Additionally, many state and municipal governments have gone their own way and passed laws guaranteeing paid sick leave for employees, including Connecticut, Oregon, California, Vermont, Massachusetts, Arizona, and several others.


If an employee comes to you and requests sick leave, check with your local and state government to find out what duties are required of you and what paperwork you and your staff may need to fill out.


Respect Their Privacy

Employers need to know that it is against HIPAA rules to demand medical information from their employees or their doctors. Doctor’s notes need only say that the employee is not well enough for work.


What employers can ask individuals about is the prognosis and when they can potentially return to work. This gives you a proper timeline to coordinate with the rest of your staff while allowing your employees to maintain their dignity and privacy.


Look For Replacements

Losing a staff member can be a difficult change, especially when you may not know when they will return or have several projects that they are a part of.


Temporary workers are a great resource for business owners because they are hired for short-term employment and do not require any of the health benefits or coverage that your staff is typically entitled to.


HR laws exist to protect employees from medical discrimination, but these rules can seem like a labyrinth to employers who just want to keep their businesses running. Give our rehabilitation compliance experts a call today at (713) 899-9812 or visit us online to see how our services can keep your employees happy and healthy.