Cost of a HIPAA Violation Blog | Cost of a HIPAA Violation
Cyber 12/02/20

Cost of a HIPAA Violation

Patients share critical health related information with caregivers and health organizations with the belief that their data will be kept confidential. Any breach of data confidentiality can lead to critical patient information being leaked to unwanted sources and can cause people to lose trust in their health provider.

The HIPAA privacy rule was enacted in 1996 by the US Department of Health and Human Services (HHS). This federal law informs healthcare agencies about their responsibility in keeping patient data confidential, and in turn assures patients that their information is safe.

Any breach in HIPAA regulations by healthcare organizations calls for strict legal penalties and monetary implications. HIPAA ensures the following:

  • Investigate any complaints related to the violations
  • Regularly evaluate the conduct of covered organizations and ensure that they are following compliance
  • Provide education through outreach to promote compliance with the regulations

Organizations covered by HIPAA

You might want to check whether your organization falls under HIPAA regulations purview or not. You would need to comply with the regulations if you are one of the following:

Healthcare providers: Any healthcare provider, large or small, that receives patient records and enters them electronically needs to comply with HIPAA data transmission guidelines. This includes medi spas and other small beauty and wellness clinics that store and transmit patient data.

Insurance providers: Any insurance provider dealing with health insurance plans including Medicare, Medicaid, Choice, Supplement and long-term health plans as well as employer sponsored plans.

Intermediate health agencies: Any agency or organization that receives patient data for processing from other entities, for example clearinghouses, must be compliant.

Analytics firms: Business analysts that utilize patient data to perform certain analytics to inform business decisions must follow HIPAA guidelines.

Types of HIPAA breaches

HIPAA violations can be accidental, when violations occur due to maximum disclosure of protected health information (PHI) beyond the minimum required, or intentional, when a company or practice fails to report breaches or fails to correct them on time. How does a HIPAA breach happen?

Unencrypted Data

When a patient’s health information is unsecured it can be easily accessible to anyone and the data can be lost or stolen by hackers.

Theft of Data

Every device with PHI must always be encrypted and secured with a password to avoid loss or theft of data in case the device is stolen or lost.

Lack of Training or Awareness

Unskilled workforce or lack of awareness can lead to insensitive handling and transfer of data from one device or channel to other, leading to security risks. This could include leaving out medical notes or records carelessly on a table that anyone could walk by and view or pick up. And as in any industry, employees are vulnerable to social engineering and phishing attempts.

Insufficient Measures to Avoid Hacks

Failed measures to protect data, and irresponsible log maintenance can lead to hacking attacks on the data.

Implications and Penalties for HIPAA Violations

Depending on whether you have violated the HIPAA norms intentionally or unintentionally and depending on the level and extent of breach, you can be charged under civil law or criminal law or both. Civil law leads to monetary implications for health agencies and individuals, while criminal law can land the offender in jail.

Under civil law, a HIPAA breach can be classified in 4 categories and penalties will be imposed accordingly:

  • Tier 1 Breach: Tier 1 breach typically deals with an unintentional breach or when the offender is unaware of the breach. In such cases, a penalty in the range of $100 to $50,000 can be imposed, depending on the extent of the breach and its impact.
  • Tier 2 Breach: Also known as second degree breach, this happens when the company is aware of the breach, but no timely action is taken to rectify the issue. Penalties range from $1,000 to $50,000.
  • Tier 3 Breach: The entity neglects the rule by choice. Penalties can range between $10,000 to $50,000 per violation.
  • Tier 4 Breach: The company carried out the violation by choice and presently there is no way in which the violation can be corrected. The penalty for such cases is $50,000 and above. The maximum penalty of $1.5 Million can be imposed.

If an organization or individual tries to obtain patient data through unlawful means, a criminal case may take place. There are three types of criminal breaches:

  • Tier 1: 1-year jail term in the case of reasonable cause or no knowledge of the violation
  • Tier 2: 5-year jail term in the case of acquiring PHI under fake pretenses
  • Tier 3: 10 years of jail time in the case of obtaining PHI for personal gain or with malicious intent

Multiple examples of violations and corresponding penalties have been observed in the past. In February 2019, $3 million was fined by HHS to Cottage Health, which also runs Goleta Valley Cottage Hospital, Cottage Rehabilitation Hospital, Santa Ynez Cottage Hospital, and Santa Barbara Cottage Hospital in California. The penalty was levied due to repeated offense of unbarred electronic PHI, which impacted over 60,000 patients over a span of 2 years. In May 2019, a Tennessee diagnostic medical-imaging practice named Touchstone, was asked to pay $3 Million as they exposed the data of more than 300,000 patients.

How to Prevent HIPAA violations and Protect Against Penalties

Even if your company is careful and takes the necessary precautions, you may experience a cyber-attack, which can lead to data theft and result in HIPAA penalties. To prevent and hedge against cyber risks, strengthen your security with these measures:

Proper Business Agreements

Initiate strong business agreements with third-party vendors who share patient PHI, ensuring they share liability in their parts of the transmission process to keep patient data secure. Do your due diligence in selecting vendors with a strong track record of security and investigate their protocols related to cyber security to ensure they are up to your standard.

Strengthen Transmission Security

Encrypt the PHI that is shared on your network. Follow the industry best practices and latest technologies for strengthening transmission security.

Conduct a Cyber Risk Assessment

Quantify, benchmark, and mitigate the financial impact of cyber-attacks on your business. NOW Insurance offers a free cyber risk assessment to help gauge your risk and recommend solutions for improving cyber security. Once you understand your risk level, all business should implement a cyber security plan.

Get an Extra Layer of Protection with Cyber Liability Insurance

With the increasing threat of hacking and data breaches, it is imperative to have cyber security insurance. NOW Insurance offers options in cyber liability policies with three levels of coverage to choose from depending on your needs. Since a cyber policy will only cover violations related to cyber breach and cyber transmission, you will want to pair it with a solid Professional Liability policy that includes a HIPAA sub-limit. The standard NOW Insurance Professional Liability policy includes $25K HIPAA sub-limit.

Minor negligence in handling patient data can result in hefty fines or jail time. It can happen without your knowledge if you experience a cyber-attack. The “bare minimum” in cyber security has increased significantly over the last few years. Help your company stay ahead of risk by taking necessary measures to protect and encrypt patient data and to mitigate against cyber-attacks.

Get a cyber quick quote today.

Don’t forget to take our cyber risk assessment to see where your company stands on cyber risk.

Sources:

  1. https://www.cdc.gov/phlp/publications/topic/hipaa.html
  2. https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html
  3. https://www.ama-assn.org/practice-management/hipaa/hipaa-violations-enforcement
  4. https://www.hipaajournal.com/what-are-the-penalties-for-hipaa-violations-7096/
Blog

Tips for protecting yourself and your business.

Healthcare

Why COVID Testing Labs Should Carry General Liability Insurance

Healthcare

Do Occupational Therapists Need Malpractice Insurance?

Healthcare

Can Lab Technicians Be Sued for Malpractice?

Cyber

5 Reasons Cyber Security Insurance Is Becoming More Important Than Ever

Cyber

What Sort of Insurance Will Cover Physical Therapists?

Cyber

Helping Hesitant Patients Embrace Telehealth

Cyber

Why COVID Testing Labs Should Have Cyber Security Insurance in Case of a Data Breach

Healthcare

GI Nurses and Associates Week: Highlight A GI Nurse Hero March 21-27

Healthcare

What Malpractice Risks Do GI Nurses Face?

Healthcare

What Kind of Nurse Should You Be? Check Out the Growing Field of Gastroenterology

Healthcare

6 Risks Lab Technicians Face Without Professional Liability Insurance

Healthcare

Do Contact Tracers Need to Protect Themselves with Professional Liability Insurance?

Cyber

Telehealth Rules Relaxed During Pandemic

Cyber

Telehealth is More Than Just Video Appointments

Healthcare

Pharmacists: Which Specialty Is Right for You?

Healthcare

Sued for Malpractice: A Guide for Nurses and NPs

Healthcare

A Guide to Medical Director Insurance and the Costs

Healthcare

2021 Trends to Look for in Occupational Therapy

Healthcare

Become a COVID-19 Contact Tracer

Healthcare

How Much Does Physician Assistant Malpractice Insurance Cost?

Healthcare

Lab Technicians: Is a Travel Job Right for You?

Cyber

Why Your Agency Needs Home Healthcare Insurance

Healthcare

Covering Covid-19: Is Your Medical Laboratory at Risk?

Healthcare

A Complete Guide to Insurance for Physical Therapists

Healthcare

The Costs of Medical Staffing Agency Insurance

Healthcare

Why Start a Non-medical Home Healthcare Business

Healthcare

IV Nurse Day: Celebrate Jan 25

Healthcare

How to Become an IV Nurse

Healthcare

Charting by Exception: Errors by Omission or The Efficient New Norm?

Healthcare

Are You a Culturally Competent Nurse?

Healthcare

Risks of Abbreviations in Nurse Charting

Healthcare

A Guide to Starting a Home Healthcare Business

Healthcare

Nurses and The Good Samaritan Law

Cyber

Cyber Liability and HIPAA Compliance

Cyber

Why Hackers Love Healthcare Data

Cyber

Ransomware Rampant in Among Small Businesses

Cyber

What is the cost of a data breach?

General

NOW Insurance closes $2.5 million seed round, enhances AI-enabled platform

Cyber

Cost of a HIPAA Violation

Cyber

How to Create a Small Business Cyber Security Plan

Cyber

Small Business and Cloud Storage: Is Your Data Secure?

Cyber

Social Engineering: 7 Common Red Flags

Insurance Basics

Getting Liability Insurance for Events

General

Starting an Event Planning Business: A to Z

Insurance Basics

How Much Does Event Planning Insurance Cost?

Insurance Basics

Insurance for Event Planners: What You Need to Know

Insurance Basics

What’s Included in Event Planning Insurance Coverage?

Insurance Basics

What Can a Tax Preparer Be Held Liable For?

Insurance Basics

Tax Preparer Insurance 101

General

4 Nurse Staffing Issues to Avoid

General

What You Need to Know to Be a Tax Preparer

Insurance Basics

Insurance for Bookkeepers: A Complete Guide

General

How to Start a Nurse Staffing Agency

Insurance Basics

What is Liability Insurance for Bookkeepers?

General

How to Build Customer Relations in Your Business

Insurance Basics

A Guide to Medical Staffing Insurance

General

Developing an Effective Risk Management Plan

Insurance Basics

All You Need to Know About Therapist Insurance

Insurance Basics

What is Malpractice Insurance for Counselors?

Insurance Basics

Benefits of Therapist Liability Insurance

Insurance Basics

What’s the Average Counselor Malpractice Insurance Cost?

Insurance Basics

Risk and Hazards of Being a Massage Therapist

Insurance Basics

Do Nutritionists Need Insurance?

Insurance Basics

What’s Included In Massage Insurance Coverage?

Insurance Basics

Everything You Need to Know About Malpractice Insurance Coverage For Nutritionists

Insurance Basics

Do Massage Centers Need Insurance?

Insurance Basics

How Much Does Nutritionist Insurance Cost?

Insurance Basics

Insurance Plans For Nutritionists: Everything You Need to Know

Insurance Basics

Massage Therapy Insurance: A Beginner’s Guide

General

Coronavirus Outbreak: 3 Tips to Keep Your Healthcare Business Safe

General

Company Working From Home? Stay Safe of Cyber Attacks

Insurance Basics

Business Interruption Insurance and Coronavirus

General

4 Best Practices for Medical Workers During the COVID-19 Outbreak

Insurance Basics

Inside the Hacker’s Mind – Social Engineering

Insurance Basics

Do Consultants Need Insurance?

Insurance Basics

Fitness Center & Gym Insurance: A Beginner’s Guide

General

Should Your Company Work From Home During the Coronavirus Outbreak

Insurance Basics

Why Your Business Needs Wellness and Fitness Insurance: A Comprehensive Guide

Insurance Basics

What Is the Cost of Gym Insurance?

Insurance Basics

What Insurance Do Consultants Need?

Insurance Basics

How Much Is Insurance For a Consultant?

Insurance Basics

Benefits of Consulting Insurance Coverage

General

Pay as You Go Insurance for Healthcare Professionals

General

You Have Your Physician Assistant’s License: Now What?

General

Why Are You Still Buying Occurrence Malpractice Coverage?

General

What Does Malpractice Insurance Cost?

General

Physician Assistant Malpractice Coverage: A Practical Guide

General

Do Student Nurses Need Malpractice Insurance?

General

Ouch, You Hurt Me! Do Nurse Practitioners Need Their Own Malpractice Policy?

General

What Type of Insurance Do Nurses Need?

General

Understanding Insurance Terms: Back to Basics

General

What Does Professional Liability Insurance Cover?

General

Types of Insurance Available for Small Business Owners

General

Potential Small Business Risks

General

General Liability Insurance: How to Keep your Business Protected

General

Choosing a Business Insurance Provider: Everything You Need to Know

General

Business Insurance Plans – Do I Need One?

General

Benefits of Professional Liability Insurance

General

What Is the Average Cost of Errors and Omissions Insurance?

General

What Is Cyber Liability Insurance?

General

What Does Errors and Omissions Insurance Cover?

General

Cyber Insurance 101: Why You Need It

General

What Does a Cyber Liability Policy Cover?

General

Errors and Omissions Coverage: What Is It & How Does it Work?

General

What Is the Average Cost of Cyber Liability Insurance?

General

Who Needs Errors and Omissions Coverage?