Share this article on:
It has been another busy year of HIPAA enforcement for the Department of Health and Human Services’ (HHS) Office for Civil Rights.
So far in 2019 there have been 9 financial penalties imposed on HIPAA covered entities and business associates to resolve compliance failures. In total, $12,209,000 has been paid as a result of HIPAA violations and more financial penalties could be announced before the year is out.
2019 has seen OCR continue to impose penalties for compliance failures related to risk analyses, risk management, business associate agreements, access controls, breach notifications, and impermissible disclosures of protected health information, as has been the case over the past few years.
2019 also saw OCR launch a new HIPAA compliance enforcement initiative. Under the HIPAA Right of Access initiative, OCR has issued two $85,000 financial penalties for failures to provide patients with copies of their medical records in a reasonable time frame without being overcharged.
OCR is not penalizing healthcare organizations and business associates for data breaches, as breaches can occur even when an organization is fully compliant. The penalties are issued because of the lack of an effective HIPAA compliance program. If those 9 entities had an effective compliance plan in place, a sizable financial penalty and all the negative publicity would have been avoided.
On January 22, HIPAA Journal sponsor, Compliancy Group, will be hosting a webinar in which OCR’s HIPAA compliance enforcement actions in 2019 will be reviewed and the changing enforcement priorities of OCR will be discussed.
Compliancy Group will also explain how straightforward it is to implement and maintain an effective HIPAA compliance plan and its compliance coaches will be providing actionable tips to help you immediately start protecting your business.