When it comes to protecting medical information, the government doesn’t give room for excuses. Armed with HIPAA regulations, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) has settled millions of dollars against violators.
The financial impact of HIPAA violations is especially burdensome on small businesses. This is why small firms must take increased precaution to ensure they’re not in violation. Whether you’re providing healthcare directly or as support services, you are equally liable under HIPAA rules.
The exposure to risk applies to anyone in the value chain of providers in the healthcare segment. Support service providers are especially susceptible if they don’t have the right protocols in place. Small businesses which disclose personal health information (PHI) are liable, and the OCR does go after small business too. Regional OCR offices will pursue cases with less than 500 people.
In addition to those offering direct services, the U.S. Department of Health & Human Services (HHS) also requires the same from any company that has access to health information. The HHS calls contractors, subcontractors, and other outside persons and companies “business associates.”
Business associates include:
Companies that help doctors get paid for providing health care, including billing companies and companies that process your health care claims
Companies that help administer health plans
Consultants, like lawyers, accountants, and IT specialists
Companies that store or destroy medical records
In 2018 the OCR had a record year for HIPAA enforcement. This amounted to $28.7 million, which is more than $5M from the previous record set in 2016. The year also brought the largest single fine against Anthem, Inc. for $16M. In addition to financial penalties, criminal charges can also result in jail time.
If your small business is in the healthcare industry and you are not sure if you’re liable for HIPAA regulations, consult with the experts at HIPAAcraticRx. Click here to read this article in it entirety.