With the regular and much needed update to critical standards such as HIPAA, auditors and compliance experts need to be continuously on their toes to review and acquaint themselves with these new developments. One of the latest such updates is the Health Information Portability and Accountability (HIPAA) Enforcement rule, which has caused quite a stir in the industry due to confusion about its applicability. To set certain things clear, HIPAA Enforcement will not be applicable as long as organizations value the privacy and security of the Protected Health Information (PHI) of their customers while also abiding by the HIPAA compliance requirements. For businesses in the healthcare industry, HIPAA compliance is essential.

HIPAA Enforcement Rules apply when an organization fails to follow the HIPAA Privacy, Security, and Breach Notification Rules. There are significant consequences for HIPAA violations. HIPAA is enforced through various enforcement actions dictated by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR).

What is the HIPAA Enforcement Rule?

HHS has set specific rules for HIPAA Compliance. The enforcement rule includes directives for compliance, investigation, and penalties for violations. It also details the procedures and monetary fines for imposing civil penalties on Covered Entities that violate any HIPAA requirements. The Office of Civil Rights within HHS is tasked with the responsibility of investigating the violation. Based on the investigation, the OCR determines if the Covered Entity or the Business Associate was in compliance with the HIPAA Security and Privacy Rule or whether the rule was violated. OCR reviews the information, and evidence is gathered for each case. If the evidence indicates that the Covered Entity was not compliant, OCR will attempt to resolve the case with the Covered Entity through voluntary compliance, corrective action, and/or resolution agreement.

How does the HIPAA (Read more...)