Defending Against HIPAA Violations in Illinois
In 1996, the federal government passed the Health Insurance Portability and Accountability Act (HIPAA). The law was created to establish national standards to protect sensitive patient health information from being disclosed to any other party unless the patient consents. In order to implement the requirements of the standards, the HIPAA Privacy Rule was established. Entities that are subject to the Privacy Rule include healthcare providers, health plans, and healthcare clearinghouses. Violations of HIPAA can result in hefty civil fines and even criminal charges.
Examples of HIPAA Violations
There are a number of actions that could result in a violation allegation. These include:
- The medical practice is a victim of a data breach.
- The medical practice fails to dispose of patient medical records properly. For example, the practice replaces electronic equipment but does not erase the hard drives of the old equipment.
- An employee of the practice loses a non-encrypted computer, tablet, or phone.
- Employees of the practice are not sufficiently trained in HIPAA compliance.
- Employees of the practice share private health information of patients in open areas – i.e., reception area, restrooms, breakroom, etc.
Level of Violations
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) is the federal agency that is in charge of HIPAA oversight. In most situations, the OCR attempts to resolve any violations with voluntary compliance guidelines instead of penalizing the practice and/or organization accused. If voluntary compliance measures do not resolve the problem, the OCR may initiate financial penalties.
Violations are broken into tier levels:
- Tier 1 – The accused had a lack of knowledge of the violation. The penalty per violation is a minimum of $120 up to $60,226.
- Tier 2 – The accused had a reasonable cause of culpability of the violation. The penalty per violation is a minimum of $1,205 up to $60,226.
- Tier 3 – The accused had a willful neglect of culpability of the violation. The penalty per violation is a minimum of $12,045 up to $60,226.
- Tier 4 – The accused had extended willful neglect of culpability of the violation. The penalty per violation is a minimum of $60,226 up to $1,806,757.
In addition to financial penalties, OCR can also exclude the practice from participating in Medicare. There is also the possibility of criminal charges. The Department of Justice oversees prosecution for these cases. A conviction for a Tier 1 criminal charge (no knowledge or reasonable cause) can result in up to one year in jail. A Tier 2 conviction (false pretenses) means up to five years in prison, and a conviction for a Tier 3 (malicious intent or personal gain) violation will result in up to 10 years in jail.
Let an Illinois Professional License Defense Attorney Help
If you or your practice has been accused of a HIPAA violation, contact a skilled Illinois HIPAA violation defense lawyer to help defend against these accusations. Call The Law Offices of Joseph J. Bogdan, Inc. at 630-310-1267 to schedule a free and confidential consultation.