HIPAA Enforcement Trends for 2017 (so far)
Since the start of 2017 alone, HIPAA enforcement trends have indicated that this could be the most costly year for fines in history.
HIPAA, as a regulation, is managed by the Department of Health and Human Services (HHS). HHS designs and enacts policy and guidance about emerging trends in health care IT, patient privacy, and data security. The Office for Civil Rights (OCR) is the HHS body responsible for HIPAA enforcement and investigation.
HIPAA Fines by Year
OCR has been cracking down on HIPAA enforcement significantly in the past few years.
Compare these HIPAA fine totals by year:
- 2015: $6,193,000
- 2016: $23,504,800
- 2017: $17,093,200
So far, in the first six months of 2017 alone, fines have increased by almost 300% over 2015’s fine total. And if the trend continues, 2017 is very likely to outpace 2016’s record-breaking $23 million as well.
Why the Increase in HIPAA Enforcement?
When OCR begins a HIPAA investigation for a violation or breach, it can take 3-4 years to reach settlement with the organization under investigation.
Four years ago in 2013, HHS released its Omnibus Rule. The Omnibus Rule made it mandatory for HIPAA business associates to be compliant with HIPAA regulation. For background: a covered entity is a health care provider, and a business associate is a vendor hired by that provider.
In the past year, many of the multi-million dollar fines levied by OCR have been the direct result of BA non-compliance. If a covered entity shares health care information with a BA without first executing a business associate agreement, the sharing of that data is considered a violation of HIPAA and is subject to significant fines. In cases where OCR detects “willful neglect” of HIPAA regulation, fines can reach up to $50,000 per incident.
With HIPAA enforcement trending toward stricter and more severe financial penalties for improper relationships with BAs, it’s no wonder why fines have been steadily increasing year after year. Now that some of the major OCR investigations involving BA non-compliance have started reaching settlement, behavioral health providers need to ensure that their relationships with their vendors are lawful under the HIPAA Omnibus Rule.
Compliancy Group gives behavioral health professionals confidence in their HIPAA compliance with The Guard™. The Guard is a web-based HIPAA compliance solution, built by former auditors to help simplify compliance.
Compliancy Group’s team of expert Compliance Coaches™ field questions and guide users through the implementation process, taking the stress out of managing compliance. The Guard is built to address the full extent of HIPAA regulation, including fully automated documentation of policies, procedures, employee training, and remediation plans. The Guard includes policies and procedures that are uniquely tailored to the needs of your organization so you’ll never have to worry about the headaches that come with generic policy binders again.
With The Guard, behavioral health professionals can focus on running their practice while keeping their patients’ data protected and secure.
For more information about what you can do to protect your behavioral health practice, see these upcoming HIPAA educational webinars.
Find out more about how Compliancy Group and the HIPAA Seal of Compliance can help simplify your HIPAA compliance today!
Disclaimer: The views and opinions expressed in the article and on this blog post are those of the authors. These do not necessarily reflect the views, opinions, and position of the Telebehavioral Health Institute (TBHI). Any content written by the authors are their opinion and are not intended to malign any organization, company or individuals.