HIPAA happenings: HIPAA, HITECH fines are the tip of the iceberg
HIM-HIPAA Insider, August 4, 2014
When you think about a data breach, you probably think about things like maximum fines and penalties of $1.5 million, willful neglect, corrective action plans, and so forth, right? Well, think again. When a breach occurs, HIPAA and HITECH are not the only laws covered entities (CE) and business associates (BA) are up against. Further, the fines and penalties associated with breaches under HIPAA and HITECH are only the tip of the iceberg.
A CE and BA may face many more liabilities than those that might be imposed by OCR for breaches under HIPAA and HITECH. These additional liabilities, or exposures, are of two types. The first is internal exposure, which disrupts the organization's operations. The second is external exposure, which comes from additional regulatory agencies and from laws outside HIPAA and HITECH. Although CEs and BAs may be aware that additional liabilities exist, the impact they may have on an organization's operations and its ability to conduct business may be less understood.
Once a breach occurs, various actions must follow. The most obvious is the need to assess the suspected breach and, if necessary, report the breach to the relevant parties, including OCR. The timing of this reporting is contingent on the size of the breach. Organizations must report large breaches (those affecting 500 or more individuals) within 60 days of discovery. Small breaches (those affecting fewer than 500 individuals) must be reported within 60 days of the end of the calendar year. In addition to a breach assessment, additional actions must be taken to address the security of ePHI. These steps may have an enormous impact on an organization.
In its study The True Cost of Compliance: A Benchmark Study of Multinational Organizations, the Ponemon Institute analyzed the costs associated with a breach and assigned them to four categories:
- Business disruptions
- Business productivity losses
- Lost revenues
- Fines, penalties, and other settlement costs