What Is the Importance of HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that passed in 1996. It vastly improved patient data privacy and security for sensitive medical information. HIPAA increased the safety of patient information even before the advent of cyberattacks that targeted health insurance providers. Today, HIPAA plays a more important role than ever. HIPAA has five main sections to protect patients and their private information. Any company that deals with protected health information must follow HIPAA’s rules.

What Is HIPAA Compliance?

HIPAA compliance means abiding by the rules the Health Insurance Portability and Accountability Act has set for companies that deal with sensitive patient information. To ensure HIPAA compliance, these companies must have security protocols in place for their physical equipment, networks and processes. Any organization HIPAA covers must abide by its rules. This can include health insurance providers, hospitals, doctor’s offices, dentists and health care clearinghouses.

Covered companies must create contracts that impose specific security measures on protected health information to comply with HIPAA. All companies under HIPAA must protect information such as a patient’s name, Social Security number, address and birthdate, as well as the patient’s health status or information about physical and mental conditions. Any care the medical facility provides to the patient and information regarding the patient’s payment for care is also protected under HIPAA. Employment and education information, however, is not personal health information.

To comply with the HIPAA Privacy Rule, entities must appoint privacy officials, train employees on information security protocols and create processes for people to complain about lax policies or breaches. If a privacy breach occurs, the company must mitigate any harmful effects. HIPAA compliance is extremely important in the U.S. to protect patient information and make health care a safer industry for all. If an entity commits a HIPAA violation, either intentionally or negligently, the penalties can be severe.

What Is a HIPAA Violation?

A HIPAA violation can refer to many actions or failures to act that fall outside the requirements under HIPAA. Whether or not the violation results in a leak of patient health information, the entity could face penalties for the violation. A HIPAA violation is any breach in compliance during the management of a patient’s health care. This could be a failure to set privacy regulations, secure electronic access to sensitive data or obey tax regulations.

When most people discuss HIPAA compliance and violations, they are referring to Title II of the HIPAA Privacy Rule: HIPAA Administrative Simplification. Title II instructs the federal Department of Health and Human Services (HHS) to establish national standards for processing electronic health care records. The HHS has many rules and guidelines health care entities must follow. Ignoring or disobeying any of these rules is a HIPAA violation. Violating the provisions of HIPAA as a covered entity could result in hefty fines from the Office for Civil Rights.

The two main HIPAA violations that result in fines are health care data breach and failure to give patients access to their health information. The minimum penalty for unintentionally violating HIPAA is $100 per violation with a $25,000 annual maximum. A violation with reasonable cause is a $1,000 penalty per incident with an annual cap of $100,000. Willful neglect of HIPAA’s rules is $10,000 per violation if the entity remedies it within a given period, but $50,000 per violation if left uncorrected. The caps on these violations are $250,000 and $1.5 million per year, respectively.

If a patient or health care associate notices a HIPAA violation, he or she should report the issue to the HHS. The HHS takes complaints online regarding HIPAA Privacy Rule violations. The Office for Civil Rights will investigate the complaint and issue fines and penalties as necessary. The health care entity will have a certain amount of time to remedy violations. Investigators may return at a later date to make sure the facility fixed the problem.