The Fraud Examiner

Finding and Addressing HIPAA Violations: Stopping Those Little Lapses That Can Cost an Institution So Much

August 2012 

Sponsored by Attachmate Luminet®

Health privacy violations are lethal. They can create reputation management nightmares and generate stiff fines. Even a single HIPAA violation has serious financial consequences. The minimum fine now stands at $50,000, with a maximum penalty per year of up to $1.5 million for each provision of the rules. Since many healthcare privacy breaches involve multiple violations, the cost of not protecting patient privacy can grow very quickly. We’ve even begun to see this demonstrated in the more recent HIPAA compliance enforcement actions. Care providers large and small are feeling the pressure. Even government agencies are not immune.

In a case involving the State of Alaska, the U.S. Department of Health and Human Services levied a HIPAA fine of $1.7 million. This example stands out not only because of the size of the fine but also because it involves a government entity, proving that no organization is immune to HIPAA responsibility. It also provides an interesting lesson because the initial violation was relatively small. The hefty fine was assessed in part because the state’s HIPAA practices were found to be lax in the ensuing audit. The full details of the fine are available directly from the U.S. Department of Health and Human Services (HHS):

Non-cooperation with HHS investigations has resulted in escalated fines in other cases as well. In 2011, healthcare provider Cignet was fined $4.3 million for failing to provide 41 patients with copies of their medical records and for failing to respond to requests from HHS's Office of Civil Rights for information related to the complaints.
