HIPAA: What Happens When You Don’t Comply?
Most nurse practitioners understand the basics of HIPAA. But, with the abundance of social media and a newfound cultural acceptance of sharing your life online, HIPAA violations are frequent. What are the repercussions of a HIPAA slip-up?
With 77 percent of workers in the U.S. holding a Facebook account and two-thirds of these employees accessing their accounts on the job, it is now easier than ever to make a HIPAA-related lapse in judgement. Both employers and employees are liable when these lapses occur. What penalties do they face?
HPIAA Violations Will Cost You and Your Employer
Individuals and entities such as hospitals and insurance companies face anywhere from a $100 to $50,000 government fine (maximum of $1.5 million per year) for negligence in handling private patient information. The real penalties, however lie in civil lawsuits. Should a patient sue you for breaking HIPAA law, you could also be liable for thousands of dollars or more in monetary penalties paid to the patient. In extreme cases, HIPAA violations can result in jail time. Obtaining patient information for personal or commercial gain, for example, carries a maximum ten year prison sentence.
Companies Lose Big in HIPAA Violations
Several large settlements have been paid by major companies in relation to HIPAA violations. Massachusetts Eye and Ear Infirmary was fined $1.5 million last month after a physician’s laptop was stolen while he was traveling abroad. The laptop contained 3,500 patient health records. It was never confirmed that patient confidentiality was breached or that any individual patient suffered as a result of this incident. The hospital was still fined after informing the U.S. Department of Health and Human Services of the episode. CVS Caremark has also faced steep HIPAA-related penalties. They paid a $2.5 million dollar fine after employees disposed of patient health information in garbage bins.
Individual Consequences of HIPAA Infractions
On an individual level, many nurses and other providers have been charged with HIPAA violations. While most violations end in a lesser penalty such as termination or suspension of employment, one nurse found herself serving an eight day jail sentence for breaching patient privacy laws. She had taken photos of elderly patients and posted them on her Facebook wall (the photos were disturbing in nature influencing her harsher punishment). Several employees at the University of California Los Angeles were found snooping into medical records of various celebs including Britney Spears and Tom Cruise. These employees were suspended and UCLA fined $875,000 for the incident.
So, what’s the bottom-line? HIPAA law is strict. For the protection of your patients and your own legal security, it must be followed closely. Be smart with patient information. Keep patient records away from the prying eyes of others. Don’t post information about your patients on Facebook or other social media channels. Never take pictures of anything involving patient care. Most of all, mind your own business!