
WHAT IS HIPAA?
"HIPAA" is an acronym for the Health Insurance Portability & Accountability Act of 1996 (August 21), Public Law 104-191, which amended the Internal Revenue Service Code of 1986. Also known as the Kennedy-Kassebaum Act, the Act includes a section, Title II, entitled Administrative Simplification, requiring:
- Improved efficiency in healthcare delivery by standardizing electronic data interchange, and
- Protection of confidentiality and security of health data through setting and enforcing standards.
More specifically, HIPAA called upon the Department of Health and Human Services (HHS) to publish new rules that will ensure:
- Standardization of electronic patient health, administrative and financial data
- Unique health identifiers for individuals, employers, health plans and health care providers
- Security standards protecting the confidentiality and integrity of "individually identifiable health information," past, present or future.
Who is affected?
Virtually all healthcare organizations – including all healthcare providers, health plans, public health authorities, healthcare clearinghouses, and self-insured employers – as well as life insurers, information systems vendors, various service organizations, and universities.
Sanctions and Penalties
Penalties established for non-compliance with HIPAA's requirements are:
- Personal liability: Individuals may be liable for up to 10 years in prison and $250,000 in fines for intentional misuse of protected health information
- Organizational liability: Healthcare organizations are liable for up to $25,000 in fines for each standard violated

| Monetary Penalty | Imprisonment Penalty | HIPAA Offense |
| --- | --- | --- |
| $100 | N/A | Single violation of a provision |
| Up to $25,000 | N/A | Multiple violations of an identical requirement or prohibition made during a calendar year |
| Up to $50,000 | Up to one year | Wrongful disclosure of individually identifiable health information |
| Up to $100,000 | Up to five years | Wrongful disclosure of individually identifiable health information committed under false pretenses |
| Up to $250,000 | Up to 10 years | Wrongful disclosure of individually identifiable health information committed under false pretenses with intent to sell, transfer, or use for commercial advantage, personal gain, or malicious harm |

- Accreditation: Accreditation organizations such as JCAHO are expected to require compliance in the future
- Federal Programs: Noncompliance is also expected to result in exclusion from federal programs such as Medicare