Health Insurance Portability and Accountability Act
White Paper | October 2020
Enacted in 1996, the Health Insurance Portability and Accountability Act (HIPAA), Public Law 104-191, set the standard for medical professionals who handle electronic health records. The Department of Health and Human Services (HHS) ensures and enforces HIPAA compliance. HHS has mandated that healthcare organizations enact data security action plans that specifically outline how records will be protected. Compliant plans must implement safeguards at the administrative, physical, technical and organizational levels.
Monetary Penalties

The monetary penalty structure under section (a)(3) is applied in tiers:

  • Tier 1 (did not have knowledge of violation): $100 to $50,000 per violation; capped at $25,000 per year
  • Tier 2 (reasonable cause exists): $1,000 to $50,000 per violation; capped at $100,000 per year
  • Tier 3 (willful neglect, corrected): $10,000 to $50,000 per violation; capped at $250,000 per year
  • Tier 4 (willful neglect, not corrected): $50,000 per violation; capped at $1.5 million per year
Sections 261 to 264 of HIPAA require the Secretary of HHS to publish standards for the electronic exchange, privacy and security of health information. HHS assesses monetary penalties under 42 USC 1320d-5: General Penalty for Failure to Comply with Requirements and Standards.