The Health Insurance Portability and Accountability Act (HIPAA) has been protecting the privacy and security of certain health information for Americans everywhere since its implementation in 1996. Despite its intentions, concern for individuals’ health information persists as our healthcare system becomes increasingly digitized.
Do you know how this affects your physical therapy clinic? Let’s review:
The Consequences of HIPAA Violations
The severity of the consequence depends on the severity of the violation itself. These incidents can result in penalties costing your practice thousands or even millions of dollars in fines, not to mention a loss in credibility, reputation, and patients. With all violations, there are also the costs associated with civil and criminal investigations. Needless to say, the best thing for your practice is to know how to avoid any type of HIPAA breach.
According to Joette Derricks’ Security Risk Assessment for Small Practices: Tools and Case Studies, HIPAA violations and their resulting ramifications can be divided into four categories.
- An individual did not know and would not have known based on reasonable diligence that they violated HIPAA. This violation carries the most minor repercussion, with minimum penalties of $100 per violation and an annual maximum of $25,000 for repeated violations.
- An individual violated HIPAA with reasonable cause and not through willful neglect. The minimum penalty per violation increases dramatically, costing your practice $1,000 per violation or a maximum of $100,000 annually.
- An individual showed willful neglect but corrected the violation quickly. At $10,000 for every violation or $250,000 for repeat violations, it’s clear that intent to disregard HIPAA increases the fines dramatically.
- An individual willfully neglected patients’ rights and did not correct the situation. The minimum penalty for this situation is also the maximum fine for a HIPAA violation in any of the situations listed. If a practice does not correct the situation, they can expect to forfeit $50,000 per violation or an annual maximum of $1.5 million.
It should be noted, however, that the most costly consequence may actually be the inability to recover from such an incident. When a practice is penalized for violating HIPAA and has, therefore, disregarded a patient’s rights to privacy regarding their personal health information, current and prospective patients may choose to seek care elsewhere, where they believe their fundamental rights will be respected.
If you have concerns about your practice’s compliance with HIPAA, we have the resources you need to remain compliant. For more information on HIPAA violations, security risk analysis, and more, reach out to us at (713) 899-9812 or visit our website today!