Austin HIPAA Compliance Lawyers
The Health Insurance Portability and Accountability Act (HIPAA) lays out the standards for protecting patient data. The HIPAA Privacy Rule provides the standards for saving, sharing, and accessing the personal and medical information of patients. The HIPAA Security Rule outlines the security measures for protecting health information created, maintained, or utilized electronically. Failure to comply with the HIPAA security standards leads to huge fines and, in serious cases, imprisonment and loss of the defaulter’s medical license.
Filing a HIPAA Compliance Complaint
If a HIPAA-covered business associate or entity has violated your health information privacy rights, an Austin HIPAA compliance lawyer can make a complaint on your behalf with the Office for Civil Rights (OCR). The OCR will investigate the complaints made against the business associates and entities in question.
The following requirements should be satisfied when filing a HIPAA compliance complaint:
- Your complaint should be filed in writing through mail, email, fax, or the OCR portal.
- You should name the business associates or entities involved in the breach and describe how they violated the security, privacy, or notification rules.
- You should file your complaint within 180 days from the time you discovered the violation. The OCR normally extends this limitation period when dealing with special circumstances.
OCR’s Role in HIPAA Compliance Complaints
If OCR agrees to investigate a complaint, it will inform the complainant and the entity or associate named in the complaint. The complainant and the accused party are required to provide information concerning the problem or incident featured in the complaint. The accused party is required to comply with OCR investigations. Incidents that are a violation of HIPAA’s criminal provision are referred to the Justice Department for investigation.
OCR rules on any given case by reviewing the evidence collected. In some cases, the OCR may rule that the accused party did not violate HIPAA regulations. In cases where the evidence shows that the accused party violated HIPAA compliance rules, OCR will seek to settle the case by obtaining voluntary compliance, a resolution agreement, and corrective action.
OCR will issue a written notification to the complainant and the accused regarding the result of the resolution. If the accused entity or business associate fails to resolve the issue according to the recommendations of OCR, they may be asked to pay civil money penalties. Complainants do not get a share of the civil money penalties imposed on defaulting parties. The money goes to the U.S. Treasury.
HIPAA Violation Classifications
An Austin compliance lawyer will conduct an intensive investigation to help you prove the elements of the associated HIPAA violation. HIPAA violations are classified into four categories:
- Category 1: This category involves a violation that the covered entity was not aware of and could not have avoided had they abided by HIPAA rules.
- Category 2: This category involves a violation that the covered entity should have known about but could not have avoided had they abided by HIPAA rules.
- Category 3: This category involves a violation that is an intentional neglect of HIPAA regulations in situations where an effort has been made to remedy the violation.
- Category 4: This category involves a violation of HIPAA regulations through willful neglect in cases where no effort has been made to remedy the violation.
Penalties for HIPAA Violations
With the assistance of an Austin compliance attorney, you will be able to prove some of the factors affecting financial fines for a HIPAA breach. These include prior history, the degree of harm resulting from the violation, and the financial condition of the organization. In any case, the penalties for violations are awarded depending on the category of the offense. Category 1 violations attract a fine of between $100 and $50,000. Category 2 violations attract a fine of between $1,000 and $50,000. Category 3 violations attract a fine of between $10,000 and $50,000. Category 4 violations attract a fine of at least $50,000.
Criminal Penalties for HIPAA Violations
An Austin compliance attorney will advise you on whether to file civil charges or criminal charges against the accused for breaching Protected Health Information (PHI). Criminal penalties are divided into three categories:
- Cases where the accused had reasonable cause or was not aware of the violation: 1 year imprisonment
- Cases where the accused obtained PHI data under false pretenses: a maximum of 5 years imprisonment
- Cases where the accused obtained PHI data for malicious intent or personal gain: a maximum of 10 years imprisonment