5 Gray Areas of HIPAA
THIS GUIDE EXISTS TO SHED SOME LIGHT ON SOME OF THE 'GRAY AREAS' OF
HIPAA (THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT).
1. IF YOU THINK HIPAA IS JUST A HEALTHCARE INDUSTRY ISSUE, THINK AGAIN
Issues arise when organizations conclude that because they do not explicitly fall into one of the
covered entity categories as defined by HIPAA, they do not need to concern themselves with
HIPAA compliance.
2. BUSINESS ASSOCIATES AND THE CONDUIT EXCEPTION RULE
Generally, any organization or individual that creates, receives, maintains, or transmits PHI in the course of performing services on behalf of a covered entity qualifies as a business associate (BA).
3. WHEN IS PHI NOT PHI?
Once information is de-identified, it is no longer considered PHI and is therefore no longer covered
by the HIPAA privacy rule.
4. THE DIFFERING PENALTIES FOR NONCOMPLIANCE
Failure to comply with HIPAA can result in both civil and criminal penalties. Civil penalties, which
are enforced by OCR, are monetary, and vary from $100 to $1.5 million, while criminal penalties,
enforced by the U.S. Department of Justice, can result in imprisonment for 10 years or more.
5. ADDRESSABLE HIPAA SAFEGUARDS ARE NOT OPTIONAL
The three sets of safeguards that define security standards to help ensure the confidentiality of patient information and prevent a breach of PHI are physical, administrative, and technical.