Given the rise in telehealth, expanding requirements under the 21st Century Cures Act on April 5, 2021, and other factors impacting health information privacy and security, there’s never been a better time to revisit the HIPAA enforcement process and reestablish the importance of employee training. As a result, we have built out this handy tip sheet for you to download to use as a refresher. Along with that, you can find the highlights below:
What is the Typical HIPAA Enforcement Process?
- Office for Civil Rights (OCR) receives HIPAA complaint
- OCR conducts investigation, and possibly a compliance review
- OCR may assign civil monetary penalties and can work with the Department of Justice (DOJ) to determine if criminal penalties are necessary
- OCR works with covered entities that settle and agree to develop a corrective action plan (CAP)
What Are the Top 3 Issues in Investigated Cases? [1]
- Improper uses and disclosure of protected health information (PHI)
- Lack of safeguards to protect PHI
- Lack of patient access to PHI
If you are found to be in violation, the HIPAA fines can range from $100 to $1.5M per incident [2]. Since 2003, OCR has settled or imposed monetary penalties totaling over $135M [4].
The number of OCR penalties given for HIPAA violations increased by over 70% in 2020 compared to recent years [2]. Considering this, it is still shocking that 33% of healthcare organizations have no policy for disposing of confidential paper documents [3], which can pose security and breach-related concerns.
When Is HIPAA Training Required?
- HIPAA training is required within weeks—not months—of hiring a new employee, and before exposure to PHI
- As soon as the Department of Health and Human Services (HHS) implements new guidance or requirements
- When there is a change in workplace policies, procedures, or technology
- Periodically, often interpreted at a minimum as annually
With Steri-Safe HIPAA you get access to up-to-date HIPAA trainings covering topics such as information blocking, privacy and security. Visit Stericycle.com/HIPAA to learn more.