Current Penalties for HIPAA Violations in Your Aesthetic Business

How does HHS Determine Penalties for a HIPAA Violation?

Culpability is the foundation for HIPAA breach penalties. Even an “Unknowing” breach can cost a practice anywhere from $100-$50,000 per violation. As of November 2017, there is a yearly cap of $1.5 million in place for each “Identical Provision” violated. 

This cap may save large institutions from financial ruin, but a single breach can be devastating to small spas or clinics. Individual state attorneys general make the final determination in civil cases.

HIPAA and Your Botox Business

Historically the HHS focus had been on provider education and simple corrective measures, but violators are finding that the OCR’s tolerance for breaches is wearing thin. 

 The four-tier category system for violations is as follows:

  • Unknowing: Even with the exercise of “reasonable diligence,” a covered entity was unaware of the violation.
  • Reasonable Cause: Through the exercise of reasonable diligence, an entity should have been aware of the violation.
  • Willful Neglect-Corrected: An intentional violation of HIPAA or act of reckless indifference that is corrected within 30 days of discovery.
  • Willful Neglect-Uncorrected: An intentional violation of HIPAA or act of reckless indifference that is not corrected within 30 days of discovery.

 

 Current Penalty Structure

 

| Violation Tier | Penalty Range (Per Violation) | Cap for Violation of “Identical Provision” Within Calendar Year |
|---|---|---|
| Unknowing Violation | $100 – $50,000 | $1,500,000 |
| Reasonable Cause Violation | $1,000 – $50,000 | $1,500,000 |
| Willful Neglect of Provision-Corrected | $10,000 – $50,000 | $1,500,000 |
| Willful Neglect of Provision-Not Corrected | Minimum of $50,000 | $1,500,000 |

 

Botox Aesthetics and HIPAA Business Planning

Without cohesion and a centralized database for new and emerging clinics, aesthetic medicine has begun to lag behind in Best Practices. 

Will Ross, project manager for a non-profit health information exchange based in California, recently spoke in a PBS special about the pros and cons of EMR software.

“A lot of the EHRs are cash cows to their owners,” Ross says. “They make their money on installing them, not changing them.” His project, Redwood MedNet, has spent two decades working toward a more cooperative EHR standard.

Also note that while individuals cannot currently sue under HIPAA, there is no limitation on states that choose to provide enhanced protection for citizens. George Washington University offers this State Health Information Guide.
