Everyone in the healthcare industry knows about HIPAA (the Health Insurance Portability and Accountability Act), that has been in effect since 1996. The goal of the legislation was fairly simple – to safeguard our patient health information. The law dictated to entities how to protect health information (PHI), how it can be shared when it can be shared, and with whom it can be shared. To date, even the best of healthcare organizations struggle with feeling confident that they have all the required areas covered to protect and prevent HIPAA violations from occurring in their organization. It is well documented that by initiating proper training and implementing effective monitoring tools, HIPAA violations can be reduced or more readily identified in the workplace. Often there is not clear communication to employees about “what constitutes a HIPAA breach” and how can this be reported in your organization without “fear of retaliation”. According to a 2014 writing in HealthWorks Collective, a full 50% of persons polled rated training and educating staff as their biggest hurdle to HIPAA compliance. In most cases, the complaints surround a lack of qualified staff to perform the training or a general lack of time in which the training can be completed. The biggest challenges organizations face coast-to-coast are:

• A lack of effective training

• Little or no monitoring tools or follow-up

• Issues with technology support

Remember, in cases of noncompliance where the covered entity does not satisfactorily resolve the matter, Office of Civil Rights (OCR) may decide to impose civil money penalties (CMPs) on the covered entity. CMPs for HIPAA violations are determined based on a tiered civil penalty structure. This can be very costly to organizations as well as damaging to the business reputation if effective safeguards are not put in place. 

A breach is, generally, an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information. According to HHS.gov, failure to comply with HIPAA can also result in civil and criminal penalties. If a complaint describes an action that could be a violation of the criminal provision of HIPAA, Office of Civil Rights (OCR) may refer the complaint to the Department of Justice (DOJ) for investigation. Administrative Simplification Regulations, face a fine of up to $50,000, as well as imprisonment up to 1 year. Offences committed under false pretences allow penalties to be increased to a $100,000 fine, with up to 5 years in prison. In this webinar conference, you will take away valuable information that will assist you in creating and maintaining a “culture of compliance” that will train and support your employees in respecting their patient privacy information, making all efforts to avoid the “Wall of Shame”.