Blog > Avoid Misunderstanding HIPAA Omnibus Rule Penalties
October 21, 2013
Avoid Misunderstanding HIPAA Omnibus Rule Penalties

Avoid Misunderstanding HIPAA Omnibus Rule Penalties

Avoid Misunderstanding HIPAA Omnibus Rule Penalties

Share

hipaa omnibus rule penalties resized 600While the HIPAA Omnibus Rule should not be categorized as sweeping reform legislation, it does impact a variety of HIPAA rules, including the following.

  • HIPAA Privacy Rule;
  • HIPAA Security Rule;
  • HIPAA Breach Notification Rule and
  • HIPAA Enforcement Rule.

Spanning over 500 pages, the Omnibus Rule is not easily summarized or understood by medical providers. Understandably, this complexity leads to misunderstandings.

The Omnibus Rule did involve sweeping changes to.penalties for each HIPAA violation. The new penalty system, while not nearly as complex as the Omnibus Rule, is still easily misunderstood because the Omnibus Rule can be so challenging to understand.

Omnibus Rule Penalties

Non-compliance monetary penalties are higher for any and all breaches of protected health information (PHI). These new penalties apply whether PHI breaches were intentional or accidental.

There is no true maximum fine per year, but breaches in PHI can realistically cost up to $1.5 million annually. These new penalties target “business associates” to healthcare providers. Repeat PHI breaches provide for theses $1.5 million penalties.

Business Associates

The Department of Health and Human Services (HHS) widened the previous definition of business associates in 2013, requiring they report PHI breaches directly to the HHS Office of Civil Rights and full compliance with all new HIPAA Privacy and Security Rules.

Even those organizations who are loosely or peripherally associated with a healthcare provider are now covered under the penalty system. With a late September 2013 compliance date, organizations falling under the business associate definition are bound by the new penalty system.

Avoiding HIPAA Omnibus Rule Penalties

With penalties ranging from $100 to $50,000 for first violations up to $1.5 million for repeated violations yearly, it is imperative that medical service providers and business associates understand and avoid the Omnibus Rule penalty system.

With the continuing conversion to fully digital, electronic patient records, practice and third-party IT providers are particularly concerned with the additional Omnibus Rule penalties. The probability of PHI breaches is much higher with IT than with most other medical practice personnel.

Consider these steps, at a minimum, to minimize the potential for rule violations.

  • Medical service providers and practice managers must gain good understanding of important provisions of the HIPAA Omnibus Rule. While a number of sources have made valiant attempts at summarizing the key pitfalls of the 500-page Omnibus Rule, confusion still reigns in many practices. It’s imperative that providers do whatever it takes to understand the rule provisions.
  • Thoroughly educate billing, coding and administrative staff on the major provisions and pitfalls with the new rule. Once there is understanding, it’s equally critical to train and educate all practice staff and business associates. This is ground zero for HIPAA PHI breaches.
  • Prepare properly for RAC and HIPAA audits that may come. Always an important plan, new heavy rule penalties make it imperative to prepare for outside audits. Since the penalties apply for human error, not just willful violation, practices must minimize all mistakes, however seemingly minor.
  • Medical providers still unsure of the new regulations, interpretations, definitions and/or penalties should consult with external advisors to clear away any confusion. Service providers must check their egos at the door; the penalties are too severe. Medical providers should not hesitate to get outside help if major HIPAA Omnibus provisions remain a bit “cloudy.” It is simply not worth the risk of violations.
  • Arrange for top legal counsel representation should potential violations be alleged. Find legal counsel that understands the new rule regulations, definitions and penalties. Arrange an “as needed” agreement with a legal expert, who also understands the appeal process, should disputed alleged violations occur.

Avoiding HIPAA Omnibus Rule penalties is a must have primary goal of all medical service providers and practice managers. Taking these steps will help eliminate most potential violations. Properly preparing to defend alleged violations is just as vital.

 

{{cta(‘677eb645-eebd-4c45-a37d-e84cc5d3e4a7’)}}
Image courtesy of www.foxgrp.com

Related

New Impediment for Planned Mergers: FTC Updates Requirements

Few documents remain the same. Revisions, recensions and emendations are commonplace—even when it comes to ancient and revered texts. We have no original manuscripts of Homer’s Iliad and Odyssey. All we have are copies, but there are three “textual families” of these extant copies, meaning there are variants in some of the wording. It’s up to textual critics to determine which family of copies best represents the original rendering per passage, and this sometimes leads to slight updates in our modern versions of these classic works. Even the vaunted U.S. Constitution has undergone updating over the years through the amendment process.

See Post

The Keys to a Successful Anesthesia Practice

Today’s anesthesia practices are all struggling with three main management challenges. First, they must generate consistent and sufficient cashflow to manage the practice budget. Second, the primary budgetary challenge is to recruit and retain a sufficient staff of qualified providers to perform the services required by the facility. Third, it is not enough to manage the AR and find and retain qualified providers; one must establish and maintain a symbiotic relationship with the facilities it services. While many practices can achieve some of these requirements, many struggle attaining all three. The only practices that will survive long term are those that maintain an effective strategy to balance the three.

See Post

Status of IV Fluid Shortage

America is facing a sudden shortage of vital fluids used in hospitals across the country. According to an October 17 report in The Hill, hospitals were left scrambling after hurricane Helene caused flooding to a Baxter plant in North Carolina, where approximately 60 percent of the nation’s IV fluid supply is manufactured. As a result, more than 86 percent of hospitals are experiencing shortages of IV fluids, according to a survey of more than 250 health facilities conducted by supply chain company Premier Inc. Shortages were evenly spread nationwide, across all provider types. According to the survey, 54 percent of facilities reported they had 10 or fewer days of IV fluids in inventory.

See Post