HIPAA Enforcement Swings from Voluntary Compliance to Punishment for Violation of Privacy and Security Laws as States Join Federal Enforcement Under Federal Mandate

Share Article

Congress passed the 2006 False Claims Act. States are ordered to actively investigate and prosecute both providers as well as business associates effective January 1, 2007. States are required to create a False Claims Division and keep the overwhelming majority of fines recovered.

Congress passed the 2006 False Claims Act. States are ordered to actively investigate and prosecute both providers as well as business associates effective January 1, 2007. States are required to create a False Claims Division and keep the overwhelming majority of fines recovered.

Centers for Medicare and Medical Services, HHS-Office of Inspector General and Department of Justice and Plaintiff Attorneys of Whistleblowers combine to make a powerful force for HIPAA Compliance. Just as email communication has revolutionized healthcare, the law is evolving to encompass this critical aspect. Since voluntary compliance has been ignored many providers for years, the Federal Government has examined how to make physical and electronic compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) reality. Whistleblowers will be awarded 15% of fines.

State Attorney General's False Claims Act Divisions will be directly involved and other state agencies are likely to be involved. A lack of email security, audit trails and administrative controls expose information and leave the provider and their business associates to liability. The investigation might be overt or covert and may be started by complaints of patient service, quality, poor documentation, claim of medically unnecessary testing, over use of diagnostic testing, preformed procedures not supported by appropriate documentation and the like. State enforcers will be rewarded with a share of the double and triple damages awards.

The False Claims Act brings a new dimension to liability for primary care physicians. The healthcare provider may be found guilty of violation if their service falls below standard levels of quality or deemed medically unnecessary. Every patient, employee, diagnostic center and business associate may be a codefendant or a plaintiff. Since most communication is now via email, documented communication via audit trailed email can be the best defense.

Internet secure email is the preferred communication channel. Any system that claims to be a solution by enabling HIPAA compliance via secure email through compliant communication and document delivery must cover every point under HIPAA 164.306 and 165.308

For more information, contact Greg North - HIPAA News Organization. editor @ hipaanews.org

HIPAA News is the leader in the latest HIPAA regulatory information.

# # #

Share article on social media or email:

View article via:

Pdf Print

Contact Author

GREG NORTH
Visit website