Welcome to the July Compliance Blog Post!
We are back with a Compliance Blog Post for July 2023. This month we are talking about HIPAA and the ongoing commitment we have at HealthPoint to protect Patient Health Information. As part of HealthPoint’s ongoing HIPAA Security Program, Brian Thurston and Katherine Hall (the HIPAA Security and Privacy Officers) are sending out quarterly HIPAA reminders. To kick off the second Quarter of 2023, we will be discussing what happens when a HIPAA Breach Occurs!
What happens when a HIPAA Breach Occurs?
HIPAA breaches are investigated and enforced by the Health and Human Services (HHS) Office for Civil Rights (OCR). Breaches can either be reported to OCR by a healthcare entity, or via a complaint from an individual. OCR enforces HIPAA Privacy and Security Rules by investigating complaints, conducting compliance reviews, and performing outreach and education to help covered entities (health plans, healthcare providers, pharmacies, etc) remain in compliance with changing rules. When OCR receives a complaint, or notification of a breach, they will investigate to determine if the covered entity violated any requirements. In the event of noncompliance, OCR will work with the organization to solve the matter though corrective action or another avenue.
In cases where the noncompliance is not solved, there can be civil penalties for the covered entity. Those penalties can include:
- HIPAA violation: Unknowing Penalty range: $100 – $50,000 per violation, with an annual maximum of $25,000 for repeat violations
- HIPAA violation: Reasonable Cause Penalty range: $1,000 – $50,000 per violation, with an annual maximum of $100,000 for repeat violations
- HIPAA violation: Willful neglect but violation is corrected within the required time period. Penalty range: $10,000 – $50,000 per violation, with an annual maximum of $250,000 for repeat violations
- HIPAA violation: Willful neglect and is not corrected within the required time period. Penalty range: $50,000 per violation, with an annual maximum of $1.5 million
The dollar amount associated with each penalty has to do with the number of records impacted, the type of breach, and the type of information that was compromised. In the cases where information was knowingly disclosed inappropriately, there can be criminal penalties for the individual responsible including fines of up to $50,000 and up to a year in prison.
Want to learn more about HIPAA?
If you enjoy learning more, I highly recommend checking out the OCR HIPAA News Releases and Bulletins on the HHS website where they post recent fines and judgments related to HIPAA breaches.
We are Here to Help!
If you have any questions about any of these, please feel free to reach out to our Medical Coder, Lena Sadler, via Teams and/or email at