Livia Nguyen
NTS435
HIPAA (Health Insurance Portability and Accountability Act of 1996) is set by the
federal government as a privacy protection standard for patients' medical records and health
information. This privacy rule was created to allow patients to set stricter access to their
medical records and to give them full control over who can access their information. Patients
are also able to exercise other important rights that they have through HIPAA. Most of the
entities covered by HIPAA had until April 14, 2003 to comply with the privacy rule.
Business associates had until September 23, 2013 to comply with these privacy rules for them to work.
There is also the HIPAA security rule, which creates a security standard for electronic
protected health information. The security rule is separated into different categories, including
administrative, technical, and physical security safeguards for any entity covered by HIPAA. The
security rule assures the integrity, availability and confidentiality of any electronic protected
health information. Compliance is open until April 20, 2005 for most entities covered by the
Since the first compliance date in April 2003, OCR has received more than 148,292
HIPAA complaints, and it has fixed 97% of the problems that were reported. OCR (Office of
Civil Rights) resolved over 24,825 cases by making some changes in privacy practices and in
how they are correctly managed. OCR has investigated complaints against national pharmacy chains,
major medical centers, group health plans, hospital chains, and small provider offices, resulting
in a total of around $58,210,982.00 to date across 45 cases. In the majority of the cases
that were filed and investigated, no evidence was found that the entity had violated any of
the HIPAA rules.
OCR has the ability to determine the amount of the penalty for HIPAA violations, and it
varies based on which rule was violated. OCR will investigate and determine the penalty based on
the extent of harm caused by the breach. Someone who violates HIPAA for the first time without
knowing that they did might be fined from $100 up to $50,000. If people violate the rules through
neglect but are able to correct it in time, they will be fined between $10,000 and
$50,000 for each violation that they commit. If a violation was not due to neglect and was fixed
within 30 days of notice, then OCR cannot fine the violator with the civil penalty.
Violation of the privacy rule can also be considered criminal and may lead to involvement
of the Department of Justice if the hacker discloses patients' health information. This
increases the penalties, adding jail time together with the fines. The penalties vary based on
the violation that was made and how much it affects the others involved. All financial and
healthcare offices and any profession related to health care and HIPAA are required to be
professionally trained, and there is no excuse for not being trained properly.
Recent HIPAA cases show that there are organizations out there that still do not
really take HIPAA seriously. Broward hospital district was investigated and determined to have
failed to prove that it had correctly managed its access, which led to a security breach. This
case resulted in the information of 80,000 patients being stolen, and some have been reported to
have had their identity stolen. The district was fined $5.5M for this violation, and the
investigation showed that it had not correctly logged its access control or properly managed it.
Children's Medical Center of Dallas is another that fell into HIPAA violations, which led to a
penalty of a $3.2M settlement. That shows that there are many organizations out there that still
do not fully understand how HIPAA works and what they should do to prevent this type of violation
and penalty. It will continue to spread as long as people do not pay more attention to the problems.