Avoid Increasing HIPAA Fines
The enforcement of HIPAA regulations remains consistently strong. Throughout the history of HIPAA regulations, the department of HHS (within its Office for Civil Rights or OCR) has issued fines or collected settlements for violations. These violations are centered on disclosure of PHI via errors and breaches, lack of cyber security management processes, and risk assessment failures.
During the past five years, the fines for these violations have increased in amount per fine and the number of cases settled. The dollar amount of fines and settlements increased from $7.9 million in 2014 to $28.7 million in 2018. However, the number of settlements increased from 6 in 2014 to 11 in 2018. As depicted in the chart below, is the increase in fines by year and the largest fine issued by year.
Although the number of settlements are small each year, HHS is increasingly referring cases to the DOJ. In the last two years, the average DOJ referrals doubled to 56 cases per year. The large fine in 2018, was from the Anthem data breach in 2015.
In reality, fines and settlements which totaled $28 million in 2018 are not significant compared to the US healthcare sector revenue, estimated at $4 trillion. This is true unless your firm is assessed the fine…. Thus, all healthcare firms should not neglect their efforts to protect PHI and be responsible in their cyber security efforts.
There are methods to minimize the chance of your organization receiving a HIPAA fine. HHS issues many Corrective Action Plans (CAPs) per year. In 2018, the number of CAPs issued was 922. A CAP is issued to firms which demonstrate that they have exercised reasonable due diligence to comply with HIPAA regulations.
Key points of due diligence include conducting a compliance/risk assessment, monitoring your security metrics via monthly Key Risk Indicators, and creating a Cyber Risk Management plan.
The cost of demonstrating reasonable due diligence is tiny compared to the size of fines which are issued! Please visit us at www.wpydata.com. We can help you!