HIPAA concerns, established in 1996 and evolving ever since, continue to be a very real compliance concern for healthcare providers. As an example, last year HHS collected $28.7 million from providers of healthcare services and payors for responses to data breaches that HHS considered inadequate.
According to Modern Healthcare, this is $5.2 million over the prior high for settlement and penalties reported in 2016. The data for 2018 may be skewed by the $16 million settlement by Anthem for a breach involving approximately 79 million people. That breach occurred in 2015, and the settlement was record-setting for the Office of Civil Rights.
Changes being discussed by HHS include the possibility of sharing a percentage of civil monetary penalties or monetary settlements with affected individuals; revisions to HIPAA rules that facilitate the additional information demanded by coordinated care, outcome-focused care and value-based payments; and reconciliation of behavioral health care’s 42 CFR Part 2 rules with HIPAA.
If you are concerned about how this issue affects your business or practice, contact Mary Holloway Richard, who represents and counsels clients on issues including healthcare compliance, health services contracting, reimbursement audits and appeals, OIG investigations, and regulatory and corporate matters.
Mary can be reached at 405.552.2403 or at email@example.com.