The Health Insurance Portability and Accountability Act of 1996 (HIPAA), with its updates and the recently associated HITECH Act, is designed, among other things, to protect the security and privacy of the patient information stored in electronic and paper form in any portion of the health care system. These Acts specify the means by which information is to be transmitted and stored.
Personal medical data is called protected health information (PHI). It is sometimes also known as Individually Identifiable Health Information, and sometimes electronic Personal Health Information (ePHI). Because the loss of control of PHI could be disastrous to the individuals affected, and because there is an increasing market for such information, the HIPAA and HITECH rules specify steep fines for the unauthorized release of such information.
Today HIPAA compliance is extremely important. For businesses or individuals that do not abide by these rules, the penalties can be severe, ranging from various tiers of fines that go up to 1.5 million dollars per violation per calendar year, to penalties that include a combination of fines and jail time.
Additionally, a covered entity that does not comply with HIPAA can not only ruin its reputation, but also lose customers and face a multitude of other legal problems. Any healthcare provider would have a very difficult time recovering from the outcomes of such violations; it is therefore best to do anything possible to prevent them from happening in the first place.
HIPAA is a complex set of rules and regulations, and complying with it used to be no easy task, especially for small business owners. In reality, it is a full-time job for at least one person within an organization, regardless of the size. A typical small practice usually does not have the resources to maintain an internal compliance department or the budget to hire a full-time compliance officer. As we all know, when it comes to small business, we all have to wear many hats to survive.
Luckily, there are many service providers on the market today offering all-in-one, easy-to-use compliance solutions, so it is now more affordable and easier than ever to comply with HIPAA and HITECH regulations. Many healthcare providers today are taking HIPAA compliance a lot more seriously than, for example, ten years ago. This shift in HIPAA compliance awareness has taken place in recent years due to numerous data breaches exposed by the media, as well as ever-rising concerns among patients. Today people are a lot more careful when it comes to selecting healthcare service providers. Most patients are a lot more educated on these issues, and many fear that their information may be compromised due to negligence on the part of management.
Perhaps the factor that has contributed the most to the increase in HIPAA compliance awareness in the country is the recently announced launch of Phase II of the Nationwide HIPAA Compliance Audit Program. The Office of Civil Rights (OCR) of the Department of Health and Human Services has been assigned as the agency that will enforce many of the HIPAA rules and regulations, especially the ones that deal with securing the information and preventing data breaches or inadvertent disclosures.