If you’ve ever obtained medical treatment or even visited your family doctor for a checkup, you’ve probably heard of the Health Insurance Portability and Accountability Act, or HIPAA. This law has become more prominent in recent years thanks to multiple headlines announcing cyber attacks on healthcare providers and insurers and consequent data breaches.
Below is a list of 5 common HIPAA questions and their answers, some of which may surprise you.
- What is HIPAA?
HIPAA (Health Insurance Portability and Accountability Act of 1996) is legislation designed to keep your medical information safe by providing security provisions and requiring high levels of data privacy. It consists of five sections known as titles. Consumers are most familiar with Title II, which requires healthcare entities to provide secure electronic access to a person’s health data and comply with Department of Health and Human Services (HHS) privacy regulations.
- When was it passed?
President Bill Clinton signed the act into law on August 21, 1996.
- What does it protect?
The HIPAA Privacy Rule protects all individually identifiable health information that a covered organization or its business associate may hold or transmit. Examples of covered organizations include healthcare providers, health plans, and healthcare clearinghouses. The following information is treated as protected under HIPAA:
- Your name, address, date of birth, and Social Security number
- Your mental or physical health condition
- Any care you receive
- Care payment information that could potentially be used to identify you
All covered companies must train their employees regarding HIPAA requirements and guidelines and document their compliance efforts.
- What remedies does HIPAA provide for?
HIPAA provides for both civil and criminal penalties when protected health information is wrongfully disclosed. Violations are classified under one of four tiers:
- Tier 1: The individual or entity did not realize that their actions violated HIPAA. Fines start at $100 and can go up to $50,000 each for repeat offenders. Criminal penalties include up to a year in jail.
- Tier 2: There is reasonable cause to believe that the party knew their acts violated HIPAA but failed to exercise due diligence. The base fine is $1,000 and can go up to $50,000 per violation, plus up to a year in jail.
- Tier 3: The violation was due to willful neglect but corrected within 30 days. Fines start at $10,000 and go up to $50,000 per incident.
- Tier 4: The violation was due to willful neglect and no effort was made to correct it. The standard fine is $50,000.
With each tier, there is a yearly fine maximum of $1.5 million. Violations committed under false pretenses carry a maximum prison sentence of five years and a $100,000 fine per violation while acts of malicious intent, such as cyber attacks and data theft, are punishable by a fine of up to $250,000 per violation and a 10-year prison sentence.
- What do I do if I think my medical information has been compromised?
Your medical information can be compromised if a healthcare provider or insurer stores or uses it in ways that violate HIPAA privacy standards, such as accessing your information on a home computer or personal Internet device or failing to implement limitations as to who may view your medical records.
If this happens, contact the Department of Health and Human Services and request an investigation. Although patients don’t have a private right to sue a covered entity for compromising their healthcare information, it may be possible to file a claim under Missouri state law. For example, Missouri Revised Statute Section 191.656 addresses the improper disclosure of a person’s HIV status by healthcare providers with access to such information.
HIPAA violations can have a serious impact on your life. If you believe that your private healthcare information has been compromised by someone who had no right to access or share it, contact Bell Law. Attorney Bryce Bell will review your situation and assist you in pursuing a claim for damages arising from the violation of your privacy.