HHS attorney predicts big year for HIPAA fines
Lena Kauffman | June 16, 2014 | Health Exec | Digital Transformation

Jerome Meites, a chief regional civil rights counsel at the U.S. Department of Health and Human Services (HHS), told attendees at last week’s annual American Bar Association conference in Chicago that he expects that over the next 12 months, the administration will collect even more in fines for violations of the privacy protections in the Health Insurance Portability and Accountability Act than the roughly $10 million it collected in the past 12 months.

According to Law360 news, Meites told attendees "knowing what’s in the pipeline, I suspect that that [last year’s] number will be low compared to what’s coming up.”

Meites also reportedly said that the HHS Office of Civil Rights (OCR) is narrowing down a list of 1,200 companies that are two-thirds providers, insurers and clearinghouses, and one-third business associates to create a targeted hit list of companies to audit. The audits should begin later this year and continue into next year.

Earlier this year, HHS released a risk analysis tool for providers to help them ensure they were taking all necessary steps to safeguard HIPAA defined protected health information (PHI). The tool also allows creating reports for audits and according to Law360, Meites indicated that having performed a comprehensive risk analysis before an audit is one of the key factors the OCR looks at when deciding between seeking financial settlements or simply an agreement on specific corrective actions.

Last month, New York Presbyterian Hospital and Columbia University Medical Center settled with the government for a record $4.8 million over the accidental posting of PHI on 6,800 patients on a public website that was indexed by search engines like Google. First on the government's list of problems that led to the settlement was the failure of the hospitals to conduct a comprehensive risk analysis. (Read our report on the record fine.)

“You really have to think carefully about what a risk analysis involves, and it can’t just be the obvious,” Meites said. “Everywhere in your system where [patient information] is used, you have to think about how to protect it.”

Lena Kauffman,

Contributor

Lena Kauffman is a contributing writer based in Ann Arbor, Michigan.

Related Content

10 things you may have suspected about AI but didn’t know for sure till now
Physicians are embracing clinical GenAI—in theory, at least
Submitted for consideration by all healthcare AI stakeholders: 10 principles, 6 commitments, 1 direction
The well for AI training data is running dry. Big Tech heavyweights are taking extraordinary measures to deal with the drought.
GenAI-focused market researchers: ‘The payer–provider divide is wide and has dangerous implications’
Ready and willing but not yet able: America’s schools staring down GenAI

Design by Adaptive Theme
Trimed Popup
Trimed Popup