HIPAA compliance can be a complex subject. If not careful, you can quickly end up on the wrong side of the law. As a national leader in HIPAA safety and compliance training, we receive hundreds of questions regarding HIPAA regulation. So, we have collected seven of the most frequently asked questions and answers about HIPAA.
1) What is HIPAA?
According to the Centers for Disease Control and Prevention (CDC), the Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that requires the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.
2) Who must comply with HIPAA?
There are three groups that must comply with HIPAA requirements. These include:
- Covered Entities
- Business Associates
- Business Associate Subcontractors
3) What types of patient information are protected?
All medical records and other individually identifiable health information used or disclosed by a covered entity in any form, whether electronically, on paper, or orally, are covered under HIPAA.
4) What happens if someone doesn’t comply with HIPAA?
If a practice is not compliant with HIPAA, the government can impose civil penalties for noncompliance. These penalties can range from $100 to $250,000, with the maximum penalty per violation for the calendar year being capped at $1,919,173. Criminal penalties and imprisonment can also be imposed. State Attorney Generals can also impose penalties.
5) Do I need to retrain employees every year on HIPAA?
Yes, HIPAA training should be conducted for your employees every year. The benefits of HIPAA training outweigh the risks of not conducting annual training. It should be considered a continual investment in your practice and the protection of your patient’s privacy and security.
6) What is a breach?
A breach is considered the impermissible use or disclosure under the HIPAA Privacy Rule that compromises the security or privacy of the protected health information.
7) How often should a practice perform a Risk Assessment?
The HIPAA regulations allow organizations to perform Risk Assessments at a frequency they deem appropriate. However, as a best practice, to meet U.S. Department of Health and Human Services (HHS) standards, it is recommended that risk assessments be reviewed on an annual basis.
For questions regarding HIPAA training, contact the experts at MedSafe for a free consultation. MedSafe is the nation’s leading one-stop resource for outsourced safety and health compliance solutions in healthcare.
Toll-free: (888) MED-SAFE