The Department of Health and Human Services’ (HHS) Office for Civil Rights had another busy year with HIPAA enforcement.
To date in 2019, OCR has imposed 9 financial penalties on HIPAA covered entities and business associates to settle compliance violations, and has received $12,209,000 in financial penalties for HIPAA violations. More financial penalties may be issued before the year ends.
In 2019, OCR imposed penalties for compliance violations associated with business associate agreements, risk analyses, risk management, access controls, impermissible disclosures of protected health information (PHI) and breach notifications.
OCR also introduced a new HIPAA compliance enforcement initiative. Under the HIPAA Right of Access initiative, two $85,000 financial penalties were issued for failures to give patients copies of their healthcare records within a reasonable time period and without being charged more.
OCR isn’t issuing penalties to healthcare companies and business associates for data breaches, recognizing that breaches can occur even if a company is fully compliant. The penalties issued are for failing to have an effective HIPAA compliance program in place. If some of those 9 entities had had a reliable compliance program set up, they could have avoided a big financial penalty and all the negative publicity.
In view of the above, Compliancy Group will host a webinar on January 22 to discuss OCR’s 2019 HIPAA compliance enforcement actions and enforcement priorities.
Compliancy Group will also explain how easy it is to set up and sustain an efficient HIPAA compliance program. Its compliance coaches will give actionable ideas for promptly securing the business.
Webinar Topic: Lessons and Examples from 2019’s HIPAA Breaches and Fines
When: January 22nd, 2020 @ 2:00 pm ET / 11 am PT
To register, go here.