The Health Insurance Portability and Accountability Act, also known as HIPAA, is a federal law created to provide continuous insurance coverage to workers who change jobs, simplify healthcare administrative processes, and standardize the electronic transmission of health and financial information. As data breaches and cyberattacks proliferate in healthcare, HIPPA has taken a more prominent legislative role in protecting medical information and ensuring data privacy (1). Although it was signed into law by President Clinton in 1996, this legislation has had some significant updates over the years, notably the Privacy Rule in 2000, the Security Rule in 2003, and the Breach Notification Rule in 2009 (1). HIPAA was primarily intended to improve the health insurance system and simplify healthcare administration, but this legislation is still widely misunderstood by both patients and healthcare organizations, alike. There are major consequences for not meeting HIPAA compliance, ranging from disciplinary action to criminal penalties, so it is important for healthcare organizations to understand these rules and make every effort to adequately implement them (2).
Ensuring HIPAA compliance provides benefits to both patients and organizations. In accordance with the HIPAA Privacy Rule, an organization must be aware of how its protected health information, both electronic and non-electronic, is accessed, stored, and shared. By implementing HIPAA compliance protocols, healthcare organizations can ensure that all of their sensitive data is secured and protected. Achieving a high level of data security provides an essential level of defense needed for protection against cyber threats and promotes high levels of trust between patients and their healthcare providers (9) (3). Perhaps the single greatest advantage of maintaining HIPAA compliance is not being subjected to corrective action over violation of this law. For example, for violations involving willful neglect of HIPAA rules, in which the violation has already been corrected within the required time period, the minimum fine is $10,000 per violation up to a maximum of $250,000 for repeat violations. By avoiding fines and penalties associated with HIPAA non-compliance, healthcare organizations can minimize costs (3) (4).
To reap the benefits of HIPAA compliance, and to avoid any penalties associated with non-compliance, it is important to understand how to properly implement HIPAA rules. The first step is to choose a Privacy Officer and Security Officer to spearhead the Compliance Plan (7) (5). The Compliance Plan should include policies and procedures needed to ensure the privacy and security of protected health information (PHI). All other employees should also be annually trained on HIPAA protocols and comply to the best of their abilities (7) (5). Organizations should also be aware of common HIPAA violations to avoid any corrective action. Common violations include social media posts involving confidential patient information, electronic health record breaches, and sending PHI to the wrong patient/contact (6).
HIPAA aims to ensure that healthcare administrators and organizations are accountable and reliable. Due to the increased presence of social media and growing technology, it is very likely that there will be future updates to HIPAA. All in all, it is important for organizations to remember that maintaining HIPAA compliance is an active and ongoing process.
- Why is HIPAA Important to Patients? (2018, March 08). Retrieved from https://www.hipaajournal.com/why-is-hipaa-important-patients/
- What Happens if You Break HIPAA Rules? (2019, January 18). Retrieved from https://www.hipaajournal.com/what-happens-if-you-break-hipaa-rules/
- Top Benefits of Being HIPAA Compliant. (2018, October 26). Retrieved from https://blog.rsisecurity.com/top-benefits-of-being-hipaa-compliant/
- What Happens if You Violate HIPAA? (2019, January 18). Retrieved from https://www.hipaajournal.com/what-happens-if-you-violate-hipaa/
- Karn, J. (2016, July 13). 5 Steps for Implementing a Successful HIPAA Compliance Plan. Retrieved from https://www.nuemd.com/blog/5-steps-implementing-successful-hipaa-compliance-plan
- Mayfield, J. (2019, March 18). What is HIPAA Compliance and Why is it Important to Healthcare Security? – Absolute Blog: The Leader in Endpoint Visibility and Control. Retrieved from https://blogs.absolute.com/hipaa-compliance/