In worst case scenarios, a $1.5M fine per violation may be imposed.
Chesapeake, Virginia (PRWEB) April 09, 2013
In light of the HIPAA omnibus final rule taking effect on March 26, 2013, HIPAA Covered Entities such as hospitals, medical practices, health care providers, health systems, health plans and clearinghouses, as well as business associates and vendors who do contracted business with Covered Entities, must ensure they are compliant with changes that occurred within the final rule.
Covered Entities and their business associates will have six months to achieve compliance with the majority of the omnibus rule. "While there is a grace period until September 23, 2013, for the majority of the HIPAA omnibus rule, it's important for HIPAA Covered Entities to understand that the existing Data Breach Notification rule remains in effect,” said Darek Dabbs, Sera-Brynn's Chief Information Officer.
Currently, breaches only have to be reported if they pose “significant risk of reputational, financial or other harm” to individuals. Under the new rule, notification is required unless the breach is proven to have a low probability of data loss based on a risk-based four factor assessment.
Fines and penalties associated data breaches will increase under the new rule based on the level of negligence. In worst case scenarios, a $1.5 million fine per identical violation may be imposed. "It's entirely possible that hospitals and medical practices, if audited and found to have a variety of types of violations, will be levied massive fines in the tens of millions," said John Kipp, Sera-Brynn's Chief Operating Officer.
Sera-Brynn has already provided its HIPAA Risk Analysis Service to multiple HIPAA Covered Entities, to include hospitals, individual practices, and assisted living facilities, and is well versed in the recent changes associated with the new rule.