Physicians and other healthcare providers must comply with Health Insurance Portability and Accountability Act (HIPAA) regulations.
There are many actions that HIPAA prohibits, and mistakes are easy to make. Penalties for violations are severe, but can they affect the status of your professional license?
Code of Ethics
The Code of Ethics for healthcare professionals covers a variety of issues with the goal of providing the best patient care. Parts of the Code became federal law with the passage of HIPAA, which includes the Privacy Rule that establishes the protection of patient health information.
Common HIPAA violations include but are not limited to:
- Employees gaining unauthorized access to patient information
- Posting information online
- Failing to keep patient information secure
- Forwarding information to a personal email account
- Talking or texting about patient information
Penalties include disciplinary action and fines of up to $50,000.
The Office for Civil Rights (OCR) under the Department of Health and Human Services enforces HIPAA Privacy and Security Rules. The OCR investigates complaints, conducts compliance reviews and provides education regarding HIPAA requirements. If a complaint appears to involve criminal activity, the OCR may refer it to the Department of Justice.
There are different penalties depending on the level of severity. For example, a violation carried out under false pretenses could mean a fine of up to $100,000 and a prison term of up to five years. If the crime involves intent to sell or use health information for personal gain, commercial advantage or malicious harm, conviction could carry a fine of up to $250,000 and a prison term of up to 10 years. If you find yourself under investigation for a possible HIPAA violation, your attorney will build a defense strategy to provide the best outcome possible for your case and help you preserve your professional license.