Common Misconceptions about HIPAA
Here are some common myths about HIPAA compliance that we’ve heard from small to mid-size covered entities and business associates across the country:
HIPAA only regulates electronically transmitted data.
HIPAA applies to all forms of communications. Written, verbal and any form of electronic transmission, including personal email notes and social network posts.
If improperly released information is not exploited, there is no violation of the law.
In many of the cases of improperly released PHI that have hit the headlines over the last several years, no one had any way of telling how and if patient data had been exploited after the release of information BUT they still got hit with the big fines and penalties. It is the act of improperly releasing the information that is the violation.
Who is exempt from HIPAA regulations?
HIPAA governs anyone and everyone who creates or handles patient records-right down to the high school student who works part-time filing charts. The largest penalties in 2010 were large pharmacy chains.
Little HIPAA violations don’t matter, no one will ever find out.
This is unfortunately the mentality of many employees in smaller organizations. In fact though, all it takes is one patient complaint and the whole office will be under serious scrutiny.
And just as a reminder, the maximum fines and penalties for failure to comply with HIPAA laws are $250,000 and 10 years imprisonment-and that’s just the penalties for an individual! Not to mention the damage the resultant inevitable bad publicity will have on any practice or office in both the short and long term.
If during the course of your employments you have a question about HIPAA, please check with your Privacy/Compliance Officer.
One last thing.
We can offer HIPAA Compliance training for Privacy and Compliance Officers, as well as the rest of your staff.
Our HIPAA compliance products will help ensure that you are always in the know about new rules and regulations/procedures regarding HIPAA.