Health care has long been a highly regulated area, but it seems that in recent the regulations have become more and more complex. Particularly complex are those regulations regarding privacy and the safekeeping of patient medical information. We keep abreast of the ever-changing regulatory environment that our clients operate in, and assist organizations in complying with the complex regulations that the health care industry is subject to. In particular, we can assist organizations by advising and interpreting regulations, especially HIPAA and HITECH. Further, if you or your organization has been cited with a violation of HIPAA or HITECH, we can defend the charge and help you resolve the difficulty.
HIPAA, the Health Insurance Portability and Accountability Act of 1996, is possibly the most well-known privacy law that effects the health care industry. The privacy laws under HIPAA apply to individual medical providers, organizations, and agencies known as “covered entities” and to the outside providers known as “business associates.” There are three types of covered entities: 1) health care providers, which includes doctors, clinics, pharmacies, and nursing homes; 2) health plans, which include insurance companies, HMOs, and government programs that pay for health care; and 3) health care clearinghouses, such as billing services.
Not only must covered entities abide by the regulations imposed under HIPAA, but their business associates are also held to the same standards. In order to engage a business associate and be in compliance with HIPAA, the covered entity must have a written contract or arrangement with the business associate. The contract or arrangement must state specifically what the business associate has been retained to do, and it must also require the associate to comply with the HIPAA requirements to protect patient information.
Failure to comply with HIPAA carries steep penalties. A breach of privacy under HIPAA or the failure to include the required administrative, physical, and technical safeguards can result in fines ranging from $100 to $50,000 per violation. If the violation is committed knowingly, then the covered entity or business associate may also face criminal charges. Further, in some instances, business associates may be held personally liable for noncompliance with HIPAA Rules.
HITECH, or the Health Information Technology for Economic and Clinical Health Act, was passed in 2009. As its name suggests, HITECH addresses the security and privacy issues associated with sending health information electronically. But, because HITECH was initially part of the American Recovery and Reinvestment Act, it also contains certain incentives.
The penalties under HITECH are even more severe than those under HIPAA. Under HITECH, there are four levels of violations and four levels of penalties. The most serious violations carry fines of up to $1.5 million. Further, HITECH imposes penalties on providers who did not know that they committed a violation and, despite reasonable diligence, could not have known of the violation.
In addition to penalties, HITECH offers incentives to health care providers who make meaningful use of electronic health records (EHRs). Meaningful use means “providers need to show they’re using certified EHR technology in ways that can be measured significantly in quality and in quantity.” The incentive aspect of HITECH is aimed at encouraging health care providers to make the transition from paper records to electronic ones. Doctors who do not adopt EHRs will be assessed fines beginning in 2015.
Because of the dual nature of HITECH, compliance with this law is especially important. This is because not only can compliance save your organization from facing tough penalties, but also because compliance will ultimately boost your organization’s efficiency by making greater use of electronic resources. We are knowledgeable in HIPAA and HITECH, and we are able to advise our clients on how to comply with these regulations. Further, our extensive experience in litigation means that we are also your top choice when it comes to defending against charges and the associated penalties.