HC Compliance Essentials

1 Comments For This Post

1. HIPAA Privacy Security Expert Says:
   January 17th, 2010 at 10:11 pm

   Hi,

   I would also like to further add few points on New Interim Rule on HIPAA Penalties.

   HIPAA establishes criminal penalties for a knowing misuse of unique health identifiers and individually identifiable health information:

   • A fine of not more than $50,000 and/or imprisonment of not more than one year
   • If misuse is under false pretenses, a fine of not more than $100,000 and/or imprisonment of not more than five years
   • If misuse is with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, a fine of not more than $250,000 and/or imprisonment of not more than ten years.

   The specific offenses to which harsher penalties apply include:

   • Using a unique health identifier in violation of the HIPAA requirements for fraudulent purposes. Unique health identifiers include:
   • Provider identifiers (effective May 23, 2007)
   • Employer identifiers (currently in effect)
   • Health plan identifiers (the rule for which has yet to be drafted by CMS)
   • Individual identifiers (not likely to be defined and publication of a rule is unlikely)
   • Obtaining or using individually identifiable health information in violation of the HIPAA privacy requirements
   • Disclosing individually identifiable health information in violation of the HIPAA privacy requirement

   In addition to significant financial penalties, remaining noncompliance might result in these additional consequences:
   • Claims not honored
   • Bad press
   • Loss of reputation
   • Legislative or state audits
   • State law violations (such as of consumer protection laws)
   • Civil lawsuits (HIPAA doesn’t provide for any private right of action, but that doesn’t prevent individuals filing suits for damages.)

Leave a Reply

• Popular
• Comments
• Featured
• Tags