The health care practice group at Fuerst Ittleman David & Joseph has experience in assisting clients in HIPAA implementation and compliance.
Our firm can assist your covered entity, or business associate, in ensuring that your company maintains the appropriate operations, policies, procedures, and systems to comply with HIPAA’s regulatory obligations.
Health Insurance Portability and Accountability Act (HIPAA), Pub. L. 104-191, was enacted to establish standards for maintaining the privacy and security of patient health records. HIPAA’s requirements apply to any individual, organization, or agency, which meets the definition of a “covered entity” and those entities’ “business associates,” which help the entities carry out their health care functions. “Covered entities” include health care providers, such as doctors, clinics, nursing homes and pharmacies. A complete definition of “covered entity” and “business associate” can be found at 45 C.F.R. § 160.103.
As part of HIPAA’s reforms, the Secretary of the United States Department of Health and Human Services (HHS) was required to develop regulations to assist in protecting both the privacy and security of certain health information. Towards this end, HHS published two series of regulations commonly known as the Privacy Rule and the Security Rule. The Privacy Rule, located at 45 C.F.R. Part 160 and subparts A and E of Part 164, establishes national standards for protection of personal health information and individuals’ medical records. The Privacy Rule established safeguards to protect the privacy of personal health information and established the circumstances under which disclosures of such information may be made without patient authorization. In addition, the Privacy Rule granted patients certain rights over access to their health information including the right to examine and obtain copies of their medical records and the right to request that corrections be made to mistakes within these records.
The Security Rule located at 45 C.F.R. Part 160, and subparts A and C of Part 164, establishes national standards for protecting electronic personal health information created, received, used, or maintained by a covered entity. The Security Rule works in tandem with the Privacy Rule by establishing the technical and non-technical safeguards that covered entities must have in place to protect electronic protected health information.
Violations of HIPAA can expose an entity to civil and potential criminal penalties. Within HHS, the Office of Civil Rights (OCR) has been given the responsibility of enforcing the Privacy and Security Rules through a variety of measures including the enforcement of civil monetary penalties. Penalties can range from $100 to $50,000 per violation depending on the circumstances of the case. However, prior to the imposition of a penalty, OCR will provide the covered entity an opportunity to submit written evidence on its behalf. Further, if OCR announces its intent to impose a civil monetary penalty, a covered entity has the right to request an administrative hearing. See generally, 45 C.F.R. Part 160 Subpart E.
Additionally, a person who knowingly obtains or discloses individually identifiable health information in violation of HIPAA’s Privacy Rule may face criminal penalties of up to $50,000 and up to one-year imprisonment. These penalties increase to $100,000, and up to five years imprisonment, should a violator’s wrongful conduct involve false pretenses, and to $250,000, and 10 years imprisonment, if the wrongful conduct involves the intent to sell, transfer, or use the identifiable health information for commercial advantage, personal gain, or malicious harm. The Department of Justice is responsible for the prosecution of criminal violations of HIPAA.
Fuerst Ittleman David & Joseph’s health care practice group has experience in providing assistance to covered entities and their business associates to ensure HIPAA compliance. We also have extensive experience in representing entities in the administrative hearings and appeals process. Further, our white collar criminal practice group can provide aggressive, experienced litigation services regarding any potential criminal investigations or actions.
For more information, please contact us at 305-350-5690 or firstname.lastname@example.org.