Are you HIPAA compliant? If you have ANY personal information about clients stored on your computers, you are at risk of a HIPAA/HITECH violation.
If you are like most small companies, you probably assume you are just fine. Is it worth the risk?
What can a violation cost you? Here is a chart of HIPAA fines:
| HIPAA Violation | Minimum Penalty | Maximum Penalty |
|---|---|---|
| Individual did not know (and by exercising reasonable diligence would not have known) that he/she violated HIPAA | $100 per violation, with an annual maximum of $25,000 for repeat violations (Note: maximum that can be imposed by State Attorneys General regardless of the type of violation) | $50,000 per violation, with an annual maximum of $1.5 million |
| HIPAA violation due to reasonable cause and not due to willful neglect | $1,000 per violation, with an annual maximum of $100,000 for repeat violations | $50,000 per violation, with an annual maximum of $1.5 million |
| HIPAA violation due to willful neglect, but violation is corrected within the required time period | $10,000 per violation, with an annual maximum of $250,000 for repeat violations | $50,000 per violation, with an annual maximum of $1.5 million |
| HIPAA violation is due to willful neglect and is not corrected | $50,000 per violation, with an annual maximum of $1.5 million | $50,000 per violation, with an annual maximum of $1.5 million |
Not mentioned in this chart is the fact that penalties for a HIPAA violation can also include jail time of up to 10 years.
Even if you don't have an actual HIPAA violation, you can be fined for not conducting a risk assessment. In the case against a company in Alaska (settled in December 2014), HHS stated that the company "failed to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of e-PHI" (http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/acmhs/amchs-capsettlement.pdf).
That company paid a $150,000 fine and, on top of that, had to fix all of the issues identified.
So why wouldn't you get an annual audit done? If you don't have one, you can be held in violation of HIPAA and remain at risk, so what is the hold-up? Even if you don't think you have anything to worry about, you should still get an audit done to protect yourself. Burying your head in the sand and saying "I didn't know" is not an option; it won't protect you.
Oxford Network Solutions offers a full suite of HIPAA compliance auditing. If you already have a service contract with Oxford, you might be eligible to get this testing for free. Call Oxford today to schedule your HIPAA compliance audit.