Cost of Not Being HIPAA-Compliant

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) estimates that 70% of organizations are still not HIPAA compliant.

Unintentionally releasing the Protected Health Information (PHI) of patients has costly repercussions for any medical practice. Electronic PHI (ePHI) is defined in the Health Insurance Portability and Accountability Act (HIPAA) regulation as any protected health information that is created, stored, transmitted, or received in any electronic format or media. HIPAA regulation states that ePHI includes any of 18 distinct demographics that can be used to identify a patient.

Although HIPAA regulations have been in place for over 20 years, many organizations are still confused about HIPAA enforcement and compliance. To make the penalties as fair as possible, the Office for Civil Rights has established a tiered structure for penalties. Along with monetary penalties, some HIPAA violators may also face criminal charges for their actions.