
RUNNING HEAD: HIPAA 1

Assignment 5: HIPAA Enforcement and Penalties

Livia Nguyen

NTS435

Professor: Scott Swenka

February 19, 2017



HIPAA Enforcement and Penalties

HIPAA (the Health Insurance Portability and Accountability Act of 1996) is set by the federal government as a privacy protection standard for patients' medical records and health information. The Privacy Rule was created to give patients stricter control over access to their medical records and to let them decide who can access their information. Patients also gain other important rights through HIPAA. Most entities covered by HIPAA had until April 14, 2003 to comply with the Privacy Rule. Business associates had until September 23, 2013 to comply with the privacy rules. There is also the HIPAA Security Rule, which creates a security standard for electronic protected health information. Its requirements are separated into categories: administrative, technical, and physical safeguards for any entity covered by HIPAA. The Security Rule is meant to assure the integrity, availability and confidentiality of electronic protected health information. Most entities covered by HIPAA had until April 20, 2005 to comply, and business associates had until September 23, 2013.

Since the first compliance date in April 2003, OCR (the Office for Civil Rights) has received more than 148,292 HIPAA complaints, and it has fixed 97% of the problems that were reported. OCR solved over 24,825 cases through changes in privacy practices and the correct way to manage them. OCR has investigated complaints against national pharmacy chains, major medical centers, group health plans, hospital chains, and small provider offices, resulting in a total of around $58,210,982.00 to date across 45 cases. In the majority of the cases that were filed and investigated, no evidence was found that any HIPAA rule had been violated.

OCR has the ability to determine the amount of the penalty for a HIPAA violation, and the amount varies with the rule that was violated. OCR investigates and sets the penalty based on the extent of harm caused by the breach. Someone who violates HIPAA for the first time without knowing it may be fined from $100 up to $50,00. People who violate the rules through neglect, but correct the violation in time, will be fined between $10,000 and $50,000 for each violation they commit. If a violation was not due to neglect and was fixed within 30 days of notice, then OCR cannot fine the violator with a civil penalty.

A violation of the Privacy Rule can also be considered criminal and may lead to the involvement of the Department of Justice if the hacker discloses patients' health information. This increases the penalties, adding jail time to the fines. The penalties vary with the violation that was committed and how much it affects the others involved. All financial and healthcare offices, and any profession related to health care and HIPAA, are required to have trained professionals, and there is no excuse for not being trained properly.

Recent HIPAA cases show that there are organizations that still do not really take HIPAA seriously. Broward hospital district was investigated and found to have failed to prove that it correctly managed access, which led to a security breach. This case resulted in the information of 80,000 patients being stolen, and some patients have been reported to have had their identity stolen. The district was fined $5.5M for this violation, and the investigation showed that it had not correctly logged its access control or managed it properly. Children's Medical Center of Dallas is another organization whose HIPAA violations led to penalties, in its case a $3.2M settlement. This shows that many organizations still do not fully understand how HIPAA works and what they should do to prevent this type of violation and penalty. The problem will continue to spread as long as people do not pay more attention to it.

References:

Enforcement Highlights. (2017, February 13). Retrieved February 18, 2017, from https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/data/enforcement-highlights/index.html

Reality of HIPAA Violations and Enforcement. (2015, March 17). Retrieved February 18, 2017, from https://www.hipaa.com/the-reality-of-hipaa-violations-and-enforcement/

Brown, A. (2017, February 16). Poor Access Management Leads to $5.5 Million HIPAA Penalty. Retrieved February 18, 2017, from http://mspmentor.net/vertical-markets/poor-access-management-leads-55-million-hipaa-penalty

Conn, J. (2017, February 3). Children's Medical Center of Dallas settles with feds over HIPAA violations. Retrieved February 18, 2017, from http://www.modernhealthcare.com/article/20170203/NEWS/170209963
