Ignore HIPAA and pay the price
HIM Connection, April 27, 2004
Want to receive articles like this one in your inbox? Subscribe to HIM Connection!
Breaking the Health Insurance Portability and Accountability Act of 1996's (HIPAA) privacy or security rules can bring civil or criminal penalties.
Civil penalties include not only large fines, but also jail time. The penalties increase with the seriousness of the offense. Selling patient information for personal gain is more serious than an accidental release, so it brings stiffer penalties. These penalties can be as high as a $250,000 fine or a prison sentence of up to 10 years. The following are examples of violations and possible penalties:
- Knowingly releasing patient information in violation of HIPAA can result in a one-year jail sentence and $50,000 fine
- Gaining access to health information under false pretenses can result in a five-year jail sentence and a $100,000 fine
- Releasing patient information with harmful intent or selling the information can lead to a 10-year jail sentence and a $250,000 fine
What if I see someone breaking the rules?
Part of your job is to help maintain privacy for patients as they receive care, and to stick to the rules laid out by HIPAA. Your organization's administration expects all employees to adhere to privacy and confidentiality policies, but knows there may be times when some employees do not follow them.
Employees are encouraged to report violations or suspected abuses to the organization's privacy official. You may report them anonymously by following the procedures given to you by your organization.
Don't fear retaliation if you report a privacy violation. The organization does not punish employees for reporting violations. In fact, it is part of your job to report instances in which you suspect the privacy or confidentiality policies are being broken.
This week's excerpt is from the book, "HIPAA Training Handbook for HIM Staff: Privacy, security, and patient's rights under HIPAA," by Margret Amatayakul, MBA, RHIA, FHIMSS. Click here to order or learn more.
Want to receive articles like this one in your inbox? Subscribe to HIM Connection!
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- HIPAA Q&A: Level of encryption needed for email
- What does case-mix index mean to you?
- QA:Coding multiple initial infusions
- News and briefs: Oklahoma Osteopathic Association against residency bill change
- OB services: Coding inside and outside of the package
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- CMS has reformulated payments for some bilateral procedures
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- Q&A: Follow CMS' coding guidelines when using modifier -25
- Q/A. One injection code or two?
- What does case-mix index mean to you?
- ED-to-inpatient transfers are flawed with safety gaps
- Searched