The High Cost of HIPAA Violations
The Health Insurance Portability and Accountability Act (HIPAA) protects the Personal Health Information (PHI) held by physicians, clinics, hospitals, pharmacies, health insurance companies, and other healthcare organizations. PHI is made up of any information related to the patient, including the healthcare record or medical chart, and payment data.
EXAMPLES OF PHI
• Patient Name
• Address
• Date of Birth
• Phone number
• Medical Record Number
There are severe penalties that can be levied against individuals and organizations for not following HIPAA regulations. Civil penalties can go as high as $1.5 million per violation, and criminal penalties can land you in jail for up to 10 years. For example, merely sending regular emails to patients (emails that are not encrypted and secure) can cost you up to a $10,000 fine for each email sent. Email services such as Gmail, Hotmail, Yahoo, AOL, and Outlook, to name a few, are typically unencrypted. Here are three more brief examples of fines.
• $100,000 fine for a 5 physician practice for not safeguarding PHI
• $1 million for leaving patient info on the subway
• $2.25 million for not disposing of patient information
The HIPAA infographic below gives you a quick graphical glimpse of some penalties imposed by the federal government and a breakdown of the fines that are on the table for noncompliance with HIPAA.
Infographic authored by Inspired eLearning, providers of online security awareness and training programs. To view the original post, check out the original HIPAA violation infographic.
HIPAA defines specific types of protected health information, and prohibits any unauthorized disclosure of a patient's information by any healthcare employee.