
HIPAA fines have skyrocketed to $21 Million with more on the way!

Special note about this post!!!

I have taken extensive measures at Complete Professional Office Services to prevent the possibility of being hacked, but we never knew what we were missing until we hired a Certified HIPAA Professional to assess our office. We were astonished at what we discovered that could lead to huge fines and penalties.

For this reason, we are assessing all of our clients and will do the same on all future accounts.

The following article was written by Martin Matties, the Certified HIPAA Professional we hired to assess our computer systems. You may not have done much with HIPAA lately, but here is why you should look into it now.

John Dolza… President CPOS

Reposted from JMEInc.com “HIPAA fines have skyrocketed to $21 Million with more on the way!” – Published January 10, 2017

HIPAA fines have skyrocketed to $21 Million with more on the way!

HIPAA has been around since it was first proposed in 1999 but most of the requirements have not been followed. In fact, up until 2011 there was very little enforcement and no fines were even given.

Why, you might ask? …

HIPAA was introduced with no enforcement rules. It was on the honor system to implement it.

That all changed in 2008 when the Office of Inspector General (U.S. Department of Health & Human Services) put out a report finding that CMS (Centers for Medicare & Medicaid Services) was not enforcing HIPAA. This meant that many medical practices were not complying with the rules, which placed patients at significant risk of exposure of their personal health information due to poor security. OCR (Office for Civil Rights) is now responsible for HIPAA enforcement. This gave individual State Attorneys General and others the right to enforce HIPAA civil penalties.

Even with the right to enforce HIPAA, there still was no way to pay for it. That changed with the HITECH Act. The HITECH Act paid to hire the staff needed. This included hiring former prosecutor Jocelyn Samuels as the Director of OCR.

OCR 2016 funding was $39 million, with the 2017 budget increased to $43 million. All fines and penalties given by the department will be kept by the department, which means that the economic model for HIPAA enforcement is sustainable.

HIPAA fines are Huge!

2016 was a banner year for HIPAA fines. The number of penalties handed out was over 3 times the amount from the previous year. In 2015 the total HIPAA penalties levied was $6.1 Million, and in 2016 that amount skyrocketed to $21 Million and counting.

Like many practices, your first concern is the good health of your patients. All the work you do generates extremely valuable data stored on computer systems. This data is in high demand by hackers and is regularly sold on the dark web. As a result, your patients are at risk unless you take steps to secure your practice and computer systems.

We have seen many good, honest practices that simply do not have the required expertise or the time needed to make their computer systems safe, secure and HIPAA compliant. This ultimately places their patients at increased risk of identity theft and Medicare and insurance fraud. Unscrupulous hackers can use Personal Health Information to steal patient identities, make fraudulent claims against their insurance programs, open accounts in their names and make your patients’ lives miserable. If you want to protect your patients’ personal information and your practice from large penalties and fines, then it’s time to start looking very hard at your HIPAA compliance.

Not sure where to start?

The very first thing is to get an overview of the HIPAA requirements and how they apply to you. I have put together the 20 Minute HIPAA Quick Start Guide to help you. Take the next 20 minutes and answer the questions as best you can. “I don’t know” is a good answer, “No” is a good answer and “Yes” is a good answer. Don’t forget, we are trying to figure out what we don’t know so we can avoid penalties and security breaches. The more you find out now, the better.

If you find that your answers are “no” or “I don’t know”, or you are not sure what the questions mean, chances are you need some help. Contact my office to discuss how we can help get your practice HIPAA compliant at (810) 695-4258 or martin.matties@jmeinc.com

HIPAA Webinar February 23, 2017

If you would like to register for our HIPAA Webinar now, CLICK HERE!