HIPAA, we’re all familiar with the word, right? It’s something to do with doctors, patients, and all the information between.
You might also know it’s a set of rules that protects the personal healthcare information patients tell their doctors, often in confidence, from unwanted exposure to outside entities.
But the truth is, HIPAA is much more than that! Today, we’re going to explore HIPAA in greater detail. And who knows, maybe you’ll learn something that could save you a massive fine down the road!
Fun Facts About HIPAA
Here are some fun facts and common questions and answers about HIPAA you won’t want to miss!
HIPAA stands for The Health Insurance Portability and Accountability Act.
Enacted in 1996, the Act goes beyond protecting personally identifiable information. It also works to modernize the flow of healthcare information and address limitations on healthcare insurance coverage.
Once it was enacted, the healthcare industry as a whole underwent massive changes. And since then, it continues to evolve.
What is the average fine for a HIPAA violation?
The average fine amount for a violation of HIPAA is $1,500,000.
It’s also worth noting that a fine doesn’t have to be the result of a large-scale breach. Rather, small issues are the cause of most fines.
These include things like:
- An employee losing or misusing a portable device with patient information
- Communicating with a patient through unencrypted means
Although laborious and time-consuming, healthcare providers should regularly train and retrain staff on HIPAA regulations. At the same time, stringent regulations and safeguards to protect against violations are encouraged.
How long is Protected Health Information (PHI) protected?
Information protected under HIPAA, known as Protected Health Information (PHI), is covered for 50 years after death. This balances the privacy interests of surviving individuals with the crucial needs of biographers and historians who use this information for historical purposes.
While there are a few caveats, it’s assumed this information is protected with the same vigor as it would be for a living person.
HIPAA enforcement is up 400 percent.
As we continue modernizing healthcare infrastructure and moving a growing list of systems into the digital space, healthcare operators continue to open themselves up to vulnerabilities.
As a result, HIPAA enforcement is stronger than ever before, and the Department of Health and Human Services has made enforcement of these regulations a priority.
94% of HIPAA audits fail the HIPAA Risk Analysis requirement.
The Office for Civil Rights now requires Covered Entities to conduct a risk assessment as a stipulation of HIPAA. Covered Entities must take stock of their vulnerabilities and safeguards on an annual basis as part of the assessment.
But according to recent data, 94 percent of these entities are not correctly following this mandate and are being fined accordingly.
There are minor and meaningful breaches.
The Department of Health and Human Services categorizes breaches as either minor or meaningful.
A minor breach affects fewer than 500 individuals, while a meaningful breach affects more than 500.
All meaningful breaches reported to HHS are posted on their “Wall of Shame.”
Nobody wants to be on a Wall of Shame! Nobody wants to face a fine that could be in the millions of dollars, either. And while HIPAA compliance can often seem like a daunting task, it’s a necessary one!
Covered Entities must take all the necessary steps to ensure compliance.
The protection of personal information is at the heart of healthcare. It’s imperative that safeguarding this information remains a cornerstone of healthcare for many years to come.