How do I avoid getting hit with a $100,000 HIPAA fine?

By Rachna Chaudhari, manager, practice management

Q: I understand that small and mid-sized practices now are facing stiff penalties for Health Insurance Portability and Accountability Act (HIPAA) violations. How do I avoid HIPAA fines?

A: Dermatologists can face serious penalties if they do not comply with new HIPAA provisions by Sept. 23, 2013. Practices can be audited for violations and may have to pay steep fines for their non-compliance. The new rule sets forth a fine structure where practices would pay — based on the degree of their willful neglect — up to $250,000 per violation and face imprisonment for up to 10 years.

Noncompliance

In April 2013, The Department of Health and Human Services (HHS) investigated a five-physician cardiac surgery practice in Arizona after a complaint was filed alleging that the practice was posting medical schedules on an online calendar that was publicly accessible. The practice entered into a resolution agreement regarding charges that it violated HIPAA and agreed to pay $100,000, as well as take corrective action. The HHS investigation found that the practice had done little to comply with HIPAA Privacy and Security Rules since the regulations were first implemented a decade ago.

This was the first resolution agreement with a small practice since the government increased enforcement powers under the update to HIPAA from the Health Information Technology for Economic and Clinical Health Act (HITECH) of 2009. Other resolution agreements with hospitals and health plans have resulted in penalties of more than $1 million each.

The announcement puts physicians on notice that HHS will hold all practices — large and small — accountable for HIPAA Privacy and Security Rules violations. It’s essential to prepare now for the compliance deadline!

How to prepare

The Academy has developed a new HIPAA manual titled, “A Guide to HIPAA and HITECH for Dermatology.” This manual contains a model business associate agreement, model notice of privacy practice form, breach notification requirements, other guidelines, tools, and worksheets explaining all of the new HIPAA regulations. You can order the manual online or by calling the AAD’s Member Resource Center at (866) 503-SKIN (7546).

The Academy has also developed a series of educational recordings on HIPAA focused on the new regulations, as well as the privacy and security requirements. Train all of your practice staff on the new changes and ongoing HIPAA requirements at www.aad.org/webinars.

You can also visit the Academy’s HIPAA Web page at www.aad.org/hipaa to learn more about the new regulations and any upcoming changes.

In addition, HHS has created case study examples and resolution agreements to help physicians comply with HIPAA.

Email the Member to Member editor at members@aad.org.

Related resources: