The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH) as amended by the HIPAA Omnibus Rule in 2013 define the regulations for the private and secure management of health information. Covered entities and business associates that neglect adhering to these regulations can face rigid sanctions from a multitude of agencies, including the U.S. Department of Health and Human Services (HHS), its Office for Civil Rights (OCR), the Federal Trade Commission and state Attorneys General.
Each regulatory agency can impose fines against covered entities and business associates that fail to document, investigate and remedy HIPAA and HITECH violations. Without the proper compliance planning, covered entities and business associates can be slammed with heavy financial penalties and regulatory oversight, as happened to Cignet Health of Prince George’s County in Maryland.
Learning from the past
According to Healthcare ITNews, Cignet denied 41 patients access to their medical records between September 2008 and October 2009, a right guaranteed by the HIPAA Privacy Rule. Cignet further failed to cooperate with OCR’s investigation of the patients’ complaints and with HHS’ subpoena for the records, which was enforced by the District Court.
The court levied a $1.3 million fine against Cignet for failing to grant access to the patients’ records, and an additional $3 million for willful neglect of the HIPAA Privacy regulations.
The time for proper HIPAA and HITECH compliance planning is now.
Training modules available
“HIPAA and HITECH, Pathway to Compliance” is a four-part do-it-yourself instructional series that guides its users in drafting a HIPAA/HITECH Compliance Plan. Each part provides regulatory information and resources necessary to build a customized plan. Documentation developed in this series can be used when faced with OCR investigations and/or audits to demonstrate compliance efforts.
In this series, Patricia Wynne, Esq., CIPP, a seasoned HIPAA/HITECH subject matter expert familiar with the day-to-day challenges of compliance, presents guidelines for drafting a Compliance Plan that are easy to understand and practical to implement – not bogged down in technical jargon. Each course is one hour in length and includes case studies and questions to enhance learning, as well as resources that can be downloaded and used in the compliance planning process. Now is the time to build your HIPAA/HITECH Compliance Plan with the professional insight of Merit Career Development.
© 2014 Merit Career Development. All rights reserved. For more information, please contact Jim Wynne at jwynne@MeritCD.com.