HIPAA - Health Insurance Portability And Accountability Act Of 1996
What does it mean?
- Addresses the security and privacy of health data
- Requires health care organizations to "maintain reasonable and appropriate, technical, and physical safeguards to prevent intentional or unintentional use or disclosure of protected health information"
- Applies to health information (such as medical records) held or disclosed in any form
Who is affected?
Any organization with access to patient information, such as:
- Clinics and hospitals
- Pharmaceutical companies
- Healthcare clearinghouses
- Doctors and nurses
- Insurance companies
- Business associates of covered entities
What is the impact? (penalties and fines)
- Complaints lead to compliance review and report
- Noncriminal violation (including disclosures made in error): fines of $100 - $50,000 per violation and up to $25,000 - $1.5 million per year, for similar violations
- Potential criminal penalties:
  - Wrongful disclosure: $50,000 fine, 1 year in prison, or both
  - Offense under false pretenses: $100,000 fine, 5 years in prison, or both
  - Offense with intent to sell information: $250,000 fine, 10 years in prison, or both
How to reach compliance?
- Implement policies and procedures related to accessing information to ensure protected health information is properly secured and not disclosed
- Maintain Business Associate Agreements with outside suppliers who have access to protected health information
- Keep documentation in accordance with your internal document retention policy
Contact Us and a Cintas Document Management expert will do a no-obligation evaluation of your healthcare facility's information management needs.