HIPAA happenings: HIPAA, HITECH fines are the tip of the iceberg
HIM-HIPAA Insider, August 4, 2014
Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!
When you think about a data breach, you probably think about things like maximum fines and penalties of $1.5 million, willful neglect, corrective action plans, and so forth, right? Well, think again. When a breach occurs, HIPAA and HITECH are not the only laws covered entities (CE) and business associates (BA) are up against. Further, the fines and penalties associated with breaches under HIPAA and HITECH are only the tip of the iceberg.
A CE and BA may face many more liabilities than those that might be imposed by OCR for breaches under HIPAA and HITECH. These additional liabilities, or exposures, are of two types. The first is internal exposure, which disrupts the organization's operations. The second is external exposure, which comes from additional regulatory agencies and from laws outside HIPAA and HITECH. Although CEs and BAs may be aware that additional liabilities exist, the impact they may have on an organization's operations and its ability to conduct business may be less understood.
Once a breach occurs, various actions must follow. The most obvious is the need to assess the suspected breach, and if necessary report the breach to the relevant parties, including OCR. The timing of this reporting is contingent on the size of the breach. Organizations must report large breaches (those affecting 500 or more individuals) within 60 days of discovery. Small breaches (those affecting less than 500 individuals) must be reported within 60 days of the end of the calendar year. In addition to a breach assessment, additional actions must be taken to address the security of ePHI. These steps may have an enormous impact on an organization.
In its study The True Cost of Compliance: A Benchmark Study of Multinational Organizations, the Ponemon Institute analyzed the costs associated with a breach and assigned them to four categories:
- Business disruptions
- Business productivity losses
- Lost revenues
- Fines, penalties, and other settlement costs
Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!
Related Products
-
Briefings on APCs
Worried about the complexities of the new rules under OPPS and APCs? Briefings on APCs helps you understand the new rules...
-
HIM Briefings
Guiding Health Information Management professionals through the continuously changing field of medical records and toward a...
-
Briefings on Coding Compliance Strategies
Submitting improper Medicare documentation can lead to denial of fees, payback, fines, and increased diligence from payers...
-
Briefings on HIPAA
How can you minimize the impact of HIPAA? Subscribe to Briefings on HIPAA, your health information management resource for...
-
APCs Insider
This HTML-based e-mail newsletter provides weekly tips and advice on the new ambulatory payment classifications regulations...
Most Popular
- Articles
-
- Don't forget the three checks in medication administration
- Steps for maintaining patient privacy
- Know guidelines and subtle differences in code descriptions for laceration repairs
- Practice the six rights of medication administration
- Nursing responsibilities for managing pain
- Complications from immobility by body system
- Note similarities and differences between HCPCS, CPT® codes
- Neurological checks for head injuries
- Prevent dehydration with nursing interventions
- Q&A: Primary, principal, and secondary diagnoses
- E-mailed
-
- Searched