HEALTHCARE | HIPAA

HIPAA COMPLIANCE AND RISK MANAGEMENT

Who Must Be HIPAA Compliant?

The HIPAA Rules apply to two groups: covered entities and business associates. A covered entity is a health plan, health care clearinghouse, or health care provider who electronically transmits any health information. Examples of covered entities are:

  • Doctors
  • Dentists
  • Pharmacies
  • Health insurance companies
  • Company health plans

A business associate is a person or entity that performs certain functions or activities involving the use or disclosure of protected health information (PHI) on behalf of, or provides services to, a covered entity. Examples of business associates (whose services include access to PHI) are:

  • CPA
  • Attorney
  • IT providers
  • Billing and coding services
  • Laboratories

HIPAA violations are expensive. The penalties for non-compliance are based on the level of negligence. They can range from $100 to $50,000 per violation (or per record), with a maximum penalty of $1.5 million per year for violations of an identical provision.
