What is the HIPAA Privacy Rule?

HIPAA, the Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191), is a federal law enacted by Congress to reform and standardize health care. Under the "Administrative Simplification" provisions of the law, the United States Department of Health and Human Services (DHHS) issued the "Standards for Privacy of Individually Identifiable Health Information," also known as the "Privacy Rule." The Privacy Rule creates national standards for the protection of personal medical records and other individually identifiable health information.

The HIPAA regulations were recently modified. The amended rule, as published in the Federal Register, Volume 67, Number 157, states:

"There should be no potential for conflict between the safeguards required by the Privacy Rule and the final Security Rule standards, for several reasons. First, while the Privacy Rule applies to protected health information in all forms, the Security Rule will apply only to electronic health information systems that maintain or transmit individually identifiable health information. Thus, all safeguards for protected health information in oral, written, or other non-electronic forms will be unaffected by the Security Rule."

The practical consequence is that the Privacy Rule governs protected health information (PHI) in every form, including paper charts and spoken conversations, while the Security Rule's administrative, physical and technical safeguards apply only to PHI that is stored or transmitted electronically.

Products listed on TheFileGuy.com that are HIPAA solutions include the following.

Who must comply with HIPAA?

Nearly every organization that handles health information. The final regulation directly covers health plans, health care clearinghouses, and health care providers (including physician offices) that conduct certain financial and administrative transactions electronically. Employers, public health authorities, life insurers, information systems vendors, service organizations, and universities are affected to the extent that they act as one of these covered entities or handle protected health information on a covered entity's behalf. Once an organization is covered, the Privacy Rule protects the health information it holds whether that information is on paper, spoken, or electronic.

Who enforces the HIPAA regulations?

The Department of Health and Human Services (DHHS). DHHS, through its Office for Civil Rights, determines whether an organization complies with the Privacy Rule and issues civil penalties for non-compliance. Criminal violations of HIPAA are referred to the Department of Justice for prosecution.

What are the ramifications of non-compliance?

Civil Penalties

HIPAA provides civil money penalties for non-compliance of $100 per violation, up to $25,000 per calendar year for violations of the same requirement or transaction standard. Since there are many separate requirements and transaction standards, penalties can add up quickly.

Federal Criminal Penalties

Congress also established criminal penalties for knowingly violating patient privacy. A person who knowingly obtains or discloses individually identifiable health information in violation of HIPAA faces up to $50,000 in fines and one year in prison; up to $100,000 and five years in prison if the offense is committed under false pretenses; and up to $250,000 and ten years in prison if the information is obtained or disclosed with the intent to sell, transfer or use it for commercial advantage, personal gain or malicious harm.