HIPAA happenings: HIPAA, HITECH fines are the tip of the iceberg
HIM-HIPAA Insider, August 4, 2014
When you think about a data breach, you probably think about things like maximum fines and penalties of $1.5 million, willful neglect, corrective action plans, and so forth, right? Well, think again. When a breach occurs, HIPAA and HITECH are not the only laws covered entities (CE) and business associates (BA) are up against. Further, the fines and penalties associated with breaches under HIPAA and HITECH are only the tip of the iceberg.
A CE and BA may face many more liabilities than those that might be imposed by OCR for breaches under HIPAA and HITECH. These additional liabilities, or exposures, are of two types. The first is internal exposure, which disrupts the organization's operations. The second is external exposure, which comes from additional regulatory agencies and from laws outside HIPAA and HITECH. Although CEs and BAs may be aware that additional liabilities exist, the impact they may have on an organization's operations and its ability to conduct business may be less understood.
Once a breach occurs, various actions must follow. The most obvious is the need to assess the suspected breach and, if necessary, report the breach to the relevant parties, including OCR. The timing of this reporting is contingent on the size of the breach. Organizations must report large breaches (those affecting 500 or more individuals) within 60 days of discovery. Small breaches (those affecting fewer than 500 individuals) must be reported within 60 days of the end of the calendar year. In addition to a breach assessment, additional actions must be taken to address the security of ePHI. These steps may have an enormous impact on an organization.
In its study The True Cost of Compliance: A Benchmark Study of Multinational Organizations, the Ponemon Institute analyzed the costs associated with a breach and assigned them to four categories:
- Business disruptions
- Business productivity losses
- Lost revenues
- Fines, penalties, and other settlement costs