What does a HIPAA violation cost ?
HIPAA violations are expensive. The penalties for noncompliance are based on the level of negligence and can range from $100 to $50,000 per violation (or per record), with a maximum penalty of $1.5 million per year for violations of an identical provision. In addition, violations can also carry criminal charges resulting in jail time.
Fines will increase with the number of patients and the amount of neglect. The lowest fines start with a breach where you didn’t know and, by exercising reasonable diligence, would not have known that you violated a provision. At the other end of the spectrum are fines levied where a breach is due to negligence and not corrected in 30 days. In legalese, this is known as men's rea (state of mind). So fines increase in severity from no mens rea (didn’t know) to assumed mens rea (willful neglect).
The fines and charges are broken down into two major categories: Reasonable Cause and Willful Neglect. Reasonable Cause ranges from $100 to $50,000 per incident and does not involve jail time. Willful Neglect ranges from $10,000 to $50,000 for each incident and can result in criminal charges.
Unencrypted Data
While encryption is an addressable (rather than required) specification, it is optional. Most data breaches are due to stolen or lost unencrypted data. When in doubt, you should implement the addressable implementation specifications of the Security Rule. Most of them are best practices.
Employee Error
Breaches can occur when employees lose unencrypted portable devices, mistakenly send PHI to vendors who post that information online and disclose personally identifiable, sensitive information on social networks.
These are all examples from actual cases. Therefore, employee training and adherence to security policies and procedures are extremely important.
Data Stored on Devices
Almost half of all data breaches are the result of theft. When laptops, smartphones, etc., are unencrypted, the risk of a breach increases considerably.
To mitigate your practice’s risk, please give us a call to schedule a
free network assessment.