The Health Insurance Portability and Accountability Act, commonly known as HIPAA, was put in place to protect people’s health and personal information from being misused. All covered entities are encouraged to become HIPAA certified to avoid these breaches from happening. As of February 18, 2009, HIPAA has increased the penalty amounts for perpetrators. Initially, the penalty is considered a violation, and will be charged based upon the level of seriousness of the violation:
- There will be a $100 – $500 per violation.
There are two instances where a violation fee will not be imposed:
- If the covered entity does not show evidence of neglect, and corrects HIPAA violations within a 30 day period of being notified.
- The Department of Justice decides to impose a criminal penalty instead.
Criminal penalties also vary depending on the the situation surrounding the HIPAA violation, but are much more serious in terms of fines and added jail time:
- If a person knowingly takes or reveals health information, he or she will receive a year in jail and a $50,000 fine.
- If there is evidence of false pretenses, there will be a $100,000 fine and a 5 year jail sentence
- If health information is sold for commercial advancement, personal gain or harm, there will be a $250,000 and a 10 year jail sentence.
It is very important for a covered entity to be HIPAA certified for the safety of everyone involved. There are measures that need to be taken and followed very strictly in order for a covered entity to become HIPAA certified. There is are various HIPAA training programs to choose from and mandatory to attend all sessions when the covered entity has chosen one, but there is more to be done to become and remain HIPAA certified:
- A covered entity must development, implement and maintain written privacy policies and procedures that correlate with the Privacy rule that is underlined in HIPAA.
- A covered entity must hire responsible and trustworthy personnel to place in charge.
- A covered entity must make it mandatory that all employees attend and complete a HIPAA training class.
- A covered entity must make it priority to check the U.S. department of Health and Human Services website frequently for any recent changes.
- A covered entity must have in place proper procedures to handle anyone who violates HIPAA.
- A covered entity must have the right safeguards put in place in their administrations, technologies and for physical protection.
- A covered entity must have a proper procedure for anyone with a complaint that deals with HIPAA violations.
- A covered entity is not allowed in any way to retaliate against anyone with complaints.
- A covered entity is now allowed in any way to force anyone to waive their HIPAA rights in order to receive treatment by them.