If your company is classified as a “covered entity” (most healthcare providers are covered entities) or a “business associated” of a covered entity, you are surely aware of the Health Insurance Portability and Accountability Act (HIPAA). HIPAA requires protection and confidential handling of individuals’ protected health information (or “PHI”). Healthcare organizations and businesses that provided services to healthcare organizations that create, use, or disclose PHI are required to safeguard it and to follow the various HIPAA rules – such as the privacy rule, the security rule, and the breach notification Rules.
A HIPAA violation could leave an individual’s sensitive, personal health information (PHI) exposed to others without causing the individual harm. It could also result in an investigation by the government. As part of its investigation, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights could impose hefty fines and other civil penalties. Following a serious and intentional HIPAA violation, the Department of Justice may pursue criminal charges against the violator.
Given the serious consequences of a HIPAA violation, companies that handle health information and companies who provide services to those companies, should make sure that their handling of PHI is in compliance with the various HIPAA rules.
A HIPAA violation can be harmful to the violated individual as well as to the person or organization responsible for the violation. Our healthcare law attorneys work with covered entities to handle and help prevent violations of HIPAA. To schedule your free initial consultation to learn more about what the team at Hemmer DeFrank Wessels, PLLC can do, call 859-344-1188 or contact us online. We represent businesses in Kentucky and Ohio.