A Serious Matter
While it is easy to get complacent or even rebellious about following all the federal rules and regulations we all face, it is wise to treat HIPAA compliance as a serious issue. Violating the rules related to disclosure of HIPAA-covered information can be costly in more ways than one.
The penalties for HIPAA violations cover both civil and criminal sanctions. Even if an individual or covered entity did not know a violation occurred, the fines can be assessed at $50,000, up to an annual maximum of $1.5 million. The government takes any violation seriously, and in some cases the actions taken have put companies out of business over a HIPAA compliance issue.
Exercising Reasonable Diligence
Key factors used in assessing potential penalties in the case of a HIPAA violation are the concepts of reasonable diligence and willful neglect. These concepts ask whether adequate steps were taken to prevent a violation, or whether an individual or organization willfully neglected to take necessary precautions.
In an article for Becker’s ASC Review, Laura Miller points out a series of nine proactive steps every covered entity should take to ensure HIPAA compliance. A few of these include:
- Ensure compliance by business partners. Recent cases have held covered entities liable for HIPAA violations by their business partners, even when those partners were not covered entities themselves.
- Track and control covered HIPAA data. You are responsible for all patient and related data from the moment it is collected, through how it is used and stored, to how it is destroyed.
While many individuals and covered entities are appropriately concerned about active HIPAA-covered records and information, full HIPAA compliance also covers the proper destruction of all outdated or discarded records and information. This includes ensuring that approved shredding techniques are used.
A Document Destruction Certificate can help show HIPAA compliance with regard to old medical records. Do you have them on file?