
HIPAA


The Health Insurance Portability and Accountability Act (HIPAA) was enacted by Congress on August 21, 1996. HIPAA regulates the availability and exchange of “Protected Health Information” (PHI) and helps prevent the unlawful release of patient medical information. The statute also helps reduce instances of health care fraud and abuse, and sets standards for industry-wide billing procedures. Under HIPAA, health care providers are obligated to take a wide range of steps designed to secure and protect PHI.

HIPAA includes a “Privacy Rule” and a “Security Rule.” These rules apply to “Covered Entities,” which include health plans, health care clearinghouses such as billing services, and health care providers that transmit health data in a way that is regulated by HIPAA. The Privacy Rule and the Security Rule have been designed to protect patient privacy and set standard procedures for the security of electronic PHI (e-PHI). Together, these two rules establish national standards for ensuring that a patient’s health information is kept confidential and secure.

Civil Monetary Penalties (CMPs) and criminal penalties may be imposed for HIPAA violations. CMPs are calculated on a per-day basis, with penalties ranging from $100 to $50,000 per violation. Criminal penalties range up to 10 years in prison.

Covered entities and business associates should ensure that they are in full compliance with HIPAA requirements. You must take steps to immediately conduct a full Security Rule risk assessment and mitigate any identified risks to patient PHI.

If you need help conducting a risk assessment or instituting a full compliance program, then we would be more than happy to assist you. Give us a call today. We can be reached at: 1 (800) 475-1906. 
