The changes to the HITECH Act as of 2009 have ushered in a tremendous burden on medical practices for tracking and reporting possible breaches of protected health information (PHI). Being aware of how patient health information is being handled is critical. You must also understand what constitutes a breach because failure to provide notification following a breach can result in civil and criminal penalties. To avoid heavy fines or even jail time, the following gives a quick overview of the consequences of HIPAA violations and how DataFile can help.
When a person unknowingly divulges patient information, the HIPAA violation carries a civil penalty. This type of violation has differing levels of severity. The nature of the situation and the time period the person had to correct the situation determine the range of the fine. The least severe violation has a minimum penalty of $100 per violation, with a maximum $25,000 fine for repeat violations annually. If the HIPAA violation exceeds the $100 fine, the Covered Entity is also required to report it to local news agencies. The most severe violation happens when a person unknowingly divulges patient information due to willful neglect and does not try to correct the situation. The fine for this type of violation is $50,000, with an annual maximum of $1.5 million.
For a HIPAA violation to be considered criminal, the person who committed the violation must have done so willingly, knowing the implications of divulging the patient information. Like the HIPAA civil penalties, there are different levels of severity for criminal violations. The minimum penalty is $50,000 and up to one year in jail. Violations committed under false pretenses require a penalty of $100,000 and up to five years in prison. The most severe penalty is enforced in cases where the intent was to sell, transfer or use patient information for commercial advantage, personal gain, or malicious harm. This type of violation is punishable by a fine of up to $250,000 and up to 10 years of jail time.
For an in-depth definition of these penalties, read more on HHS.gov.
DataFile & HIPAA Liability
DataFile Technologies understands the tremendous responsibility you have to ensure compliance with the HITECH changes to HIPAA and the desire to avoid any civil or criminal penalties. DataFile provides a medical record fulfillment service that securely handles all fulfillment of a practice’s request for medical records, thereby removing the liability burden from the Covered Entity to DataFile as the Business Associate. This takes the threat of hefty fines and possible jail time off of our customers, so they can sleep easier knowing their records are secure and the job is getting done right.
For more information on how DataFile can securely and quickly handle your Release of Information requests, please contact us today. We handle records requests within 24 hours – and usually at NO cost to the provider.