
"Healthcare is maybe the last vestige of industry in this country that can operate using very personal information without one iota of concern for its security.

We aren't going to send in the EDI police. Your competitors are going to make sure we know about it.... But if you violate someone's privacy, we're going to get the FBI and throw your ass in jail."

William Braithwaite, Former HHS
Senior Advisor on Healthcare Information Policy,
Planning and Evaluation, DHHS, on the enforcement of HIPAA.
HIPAA ENFORCEMENT PROCEDURES
The Health and Human Services Office for Civil Rights (OCR) is responsible for enforcing the HIPAA regulations. The reasoning is that the right of privacy of medical records is a fundamental civil right.

Enforcement activities include:
  • Responding to state requests for exception determinations.
  • Investigating complaints and conducting compliance reviews.
  • Where voluntary compliance cannot be achieved, seeking civil monetary penalties and working with the Justice Department in seeking criminal prosecution.
To put more teeth into the penalties, the Office for Civil Rights will enforce the civil side, and the Department of Justice will enforce the criminal side. The civil penalties are not more than $100 for each violation and not more than $25,000 for all violations of an identical type during a single calendar year. Improperly obtaining or disclosing individual health information, or improperly using unique health identifiers, is subject to the following penalties:

 

                             Fine        Prison
Knowingly                    $50,000     1 Year
False Pretenses              $100,000    5 Years
For Profit, Gain, or Harm    $250,000    10 Years

         
HIPAA ENFORCEMENT RULE
Procedures for Investigations, Hearings, and Imposition of Civil Monetary Penalties
On February 16, 2006, the DHHS published the final Enforcement Rule in the Federal Register. This rule establishes rules of procedure for the imposition, by the Secretary of Health and Human Services, of civil money penalties on entities that violate standards adopted by the Secretary under the Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996, Pub. L. 104-191 ("HIPAA"). The Enforcement Rule sets forth procedural and substantive requirements for imposition of civil money penalties. The DHHS has issued the rules of procedure below to inform covered entities of its approach to enforcement and to advise covered entities of certain procedures that will be followed as the DHHS enforces HIPAA.

The Enforcement Rule is effective on March 16, 2006.

Click on any underlined heading or topic below to read the current enforcement procedures and regulations.
  • Summary and Introduction
  • Background
  • General Approach - Includes The Following Contents:
    • HHS's General Approach to Enforcement
    • HHS's Approach to the Enforcement Rule
    • Administrative Procedure Act
    • Approach of the Interim Final Rule
  • Provisions of the Enforcement Rule - Includes The Following Contents:
    • Applicability
    • Definitions
    • Investigational subpoenas and inquiries
    • Basis for penalty
    • Amount of penalty
    • Authority to settle
    • Notice of proposed determination
    • Failure to request a hearing
    • Collection of penalty
    • Limitations
    • Hearing before an administrative law judge (ALJ)
    • Rights of parties; authority of the administrative law judge (ALJ)
    • Ex-parte contacts
    • Prehearing conferences
    • Settlement
    • Discovery
    • Exchange of witness lists, statements, and exhibits
    • Subpoenas for attendance at the hearing
    • Fees
    • Form, filing, and service of papers; computation of time
    • Motions
    • Sanctions
    • The hearing
    • Witnesses
    • Evidence
    • The record
    • Post-hearing briefs
    • Administrative law judge (ALJ) decision
    • Judicial review; stay of administrative law judge (ALJ) decision

Disclaimer: CAL HIPAA, LLC. obtains its information from sources it believes to be reliable. However, because of the possibility of human and mechanical error as well as other factors, CAL HIPAA, LLC. makes no representations or warranties, express or implied, as to the accuracy or timeliness of its information, and cannot be responsible or liable for any errors or omissions in its information or the results obtained from the use of such information. Information contained on this web site are statements of opinion and not statements of fact or recommendations and do not constitute legal advice. This web site utilizes independent information providers (IIPs) and independent product providers (IPPs). CAL HIPAA, LLC. is not a referral service and does not recommend or endorse any particular IIP or IPP. Rather, CAL HIPAA, LLC. is only an intermediary that provides limited information about IIPs and IPPs. We do not endorse or offer advice regarding the quality or suitability of any product from any IPP, or endorse or offer advice regarding the quality or suitability of any advice from any IIP, or particular provider for any reason, and no information on this Site should be construed as advice or as an endorsement. Users of this site are required to register and to agree, without exception, to our Web Site Access License Agreement. Users are solely responsible for determining whether the information provided on this Site is suitable for their purposes, and reliance on the information is at the user's sole risk. Users should obtain any additional information necessary to make informed decisions.