HIPAA violation cost money. Based on the degree of negligence, the fines for noncompliance can range from $100 to $50,000 per infraction (or each record), with a maximum fine of $1.5 million per year for infractions of the same provision. Criminal charges for violations may also lead to jail time.
The quantity of patients and degree of carelessness will affect how much the fines rise. The lowest penalties begin with a breach where you weren't aware of the violation and, with due diligence, would not have been.
Fines are assessed at the other end of the spectrum when a violation results from negligence and is not remedied within 30 days.
Reasonable Cause and Willful Neglect are the two main categories into which the fines and charges are divided.
Reasonable Cause does not require any jail penalty and can range from $100 to $50,000 per incident. Criminal charges for willful neglect can vary from $10,000 to $50,000 for each instance.
Although encryption is an addressable specification (rather than a required one), it does not imply that it is optional. Unencrypted data that has been stolen or lost is the main cause of data breaches.
When in doubt, you should implement the Security Rule's addressable implementation specifications. They are generally best practices.
Storage of Data on Devices
Theft causes over half of all data breaches. Unencrypted devices, such as computers and cellphones, significantly raise the danger of a compromise. Your data is securely saved off-site with TrueVault, so if your laptop is stolen, all that is on it is a token and no PHI is exposed.
Employees losing unencrypted portable devices, sending PHI inadvertently to vendors that publish that information online, and disclosing personally identifiable and sensitive information on social media sites are all examples of breaches.
All of these are real-world examples. It is crucial that employees are trained on security measures and that they follow them.
Who is responsible for HIPAA?
The Office of Civil Rights (OCR) has a responsibility to see that the HIPAA Privacy and Security Rules are followed.
Aggrieved consumers can file complaints with the agency over particular acts taken by businesses and covered entities. A few of these platforms are their website, email address, postal box, and fax number.