#HIPAA Fines Looking back at compliance and fines imposed makes you hope that governing bodies like the Office for Civil Rights (OCR) will reduce the amount of HIPAA penalties to be levied in the future, but that’s simply wishful thinking. Judging by the totals from 2018, violation settlements are here for good and practices need to be prepared.
Some examples* of expensive 2018 settlements:
- The medical record storage firm Filefax, Inc. sustained a $100,000 penalty early in 2018
- Fresenius Medical Care North America was subject to a $3,500,000 fine
- EmblemHealth was fined $575,000 in March of 2018 by the New York Attorney General’s Office
- Aetna was fined $1,150,000 in January for a breach that occurred in July of 2017
- And in late 2018, Anthem Inc.’s infamous multi-million dollar violation case – one of the most costly in HIPAA’s history — was settled for $16,000,000
2018 was marked by a record-breaking total amount of penalties. The OCR levied $25,683,400 in fines over the course of the year for HIPAA violations, with the mean penalty being more than $2.5 million.
According to The HIPAA Journal, “HIPAA enforcement is likely to continue to see financial penalties issued for common HIPAA violations such as the failure to conduct regular risk assessments.” As such statements show, ongoing risk assessments are not just recommended, they’re required. And for good reason.
HIPAA compliance is never a “one-and-done” proposition. It requires an evolving, long-term commitment on the part of any company that has exposure to electronic patient data. Remember that “covered entities,” include any business associate that may have access to an IT network of a healthcare company maintaining these records.
The OCR will not let up when it comes to unearthing HIPAA violations and enacting budget-breaking, devastating penalties. HIPAA risk assessments should be a continuous effort that is part of your IT and Cybersecurity service provider offering to your practice(s).
Vijilant provides two levels of HIPAA compliance reporting support as part of our low monthly price per device.
Source: Office for Civil Rights (OCR) 02/2019