HHS attorney predicts big year for HIPAA fines

Jerome Meites, a chief regional civil rights counsel at the U.S. Department of Health and Human Services (HHS), told attendees at last week’s annual American Bar Association conference in Chicago that he expects that over the next 12 months, the administration will collect even more in fines for violations of the privacy protections in the Health Insurance Portability and Accountability Act than the roughly $10 million it collected in the past 12 months.

According to Law360 news, Meites told attendees "knowing what’s in the pipeline, I suspect that that [last year’s] number will be low compared to what’s coming up.”

Meites also reportedly said that the HHS Office of Civil Rights (OCR) is narrowing down a list of 1,200 companies that are two-thirds providers, insurers and clearinghouses, and one-third business associates to create a targeted hit list of companies to audit. The audits should begin later this year and continue into next year.

Earlier this year, HHS released a risk analysis tool for providers to help them ensure they were taking all necessary steps to safeguard HIPAA defined protected health information (PHI). The tool also allows creating reports for audits and according to Law360, Meites indicated that having performed a comprehensive risk analysis before an audit is one of the key factors the OCR looks at when deciding between seeking financial settlements or simply an agreement on specific corrective actions.

Last month, New York Presbyterian Hospital and Columbia University Medical Center settled with the government for a record $4.8 million over the accidental posting of PHI on 6,800 patients on a public website that was indexed by search engines like Google. First on the government's list of problems that led to the settlement was the failure of the hospitals to conduct a comprehensive risk analysis. (Read our report on the record fine.)

“You really have to think carefully about what a risk analysis involves, and it can’t just be the obvious,” Meites said. “Everywhere in your system where [patient information] is used, you have to think about how to protect it.”

Lena Kauffman,

Contributor

Lena Kauffman is a contributing writer based in Ann Arbor, Michigan.

Around the web

The American College of Cardiology has shared its perspective on new CMS payment policies, highlighting revenue concerns while providing key details for cardiologists and other cardiology professionals. 

As debate simmers over how best to regulate AI, experts continue to offer guidance on where to start, how to proceed and what to emphasize. A new resource models its recommendations on what its authors call the “SETO Loop.”

FDA Commissioner Robert Califf, MD, said the clinical community needs to combat health misinformation at a grassroots level. He warned that patients are immersed in a "sea of misinformation without a compass."

Trimed Popup
Trimed Popup