Monday, October 21, 2013

HIPAA Violations

According to Christine Meyers' article, "Most Common HIPAA Violation? Small-Scale Snooping," dated August 14, 2012:

"Small-scale snooping is actually far more common than large scale theft or dramatic losses of equipment containing PHI. In fact, in the 2011 Survey of Patient Privacy Breaches*, about 70% of the survey respondents reported that they had experienced a HIPAA breach of some level—with the majority of those violations occurring as a result of snooping activity. Insiders were responsible for the majority of breaches, with 35 percent snooping into medical records of fellow employees and 27 percent accessing records of friends and relatives. More than half of the respondents stated that they lacked the appropriate tools for monitoring inappropriate access to PHI."

Since OFA 205 is currently working on medical documents, I thought I would post the civil violations and enforcements from the AMA website. After reviewing these, you can see that your curiosity at work is not worth the consequences. Medical offices have employees log in each day. Based on your login, your employer can see how many records you access each day and whose records they were. If you have no business lurking in a patient's file, you will eventually be caught. You are given a great amount of responsibility with patient health information. Please don't abuse it.

| HIPAA Violation | Minimum Penalty | Maximum Penalty |
| --- | --- | --- |
| Individual did not know (and by exercising reasonable diligence would not have known) that he/she violated HIPAA | $100 per violation, with an annual maximum of $25,000 for repeat violations (Note: maximum that can be imposed by State Attorneys General regardless of the type of violation) | $50,000 per violation, with an annual maximum of $1.5 million |
| HIPAA violation due to reasonable cause and not due to willful neglect | $1,000 per violation, with an annual maximum of $100,000 for repeat violations | $50,000 per violation, with an annual maximum of $1.5 million |
| HIPAA violation due to willful neglect but violation is corrected within the required time period | $10,000 per violation, with an annual maximum of $250,000 for repeat violations | $50,000 per violation, with an annual maximum of $1.5 million |
| HIPAA violation is due to willful neglect and is not corrected | $50,000 per violation, with an annual maximum of $1.5 million | $50,000 per violation, with an annual maximum of $1.5 million |
