By: Peter E. Hansen, Esq.
In 2012, the Department of Health and Human Services (HHS) will begin auditing employers for compliance with HIPAA's privacy and security regulations. HIPAA, or the Health Insurance Portability and Accountability Act of 1996, covers employers who maintain either physical or electronic documents containing "protected health information," or information created by a health care provider that concerns an individual's physical or mental health. HIPAA's coverage is broad, extending to many employers who are unfamiliar with the privacy and security regulations and, as a result, may be subject to fines ranging from $100 to $50,000 per violation.
HIPAA's privacy and security regulations have undergone significant changes over the last several years, due in large part to information technology. In fact, the HHS amended HIPAA's privacy and security regulations in 2009, 2010 and 2011. This trend is likely to continue as the HHS will soon issue final regulations concerning "metadata," or data about data that is hidden within electronic documents.
Given the ever-changing nature of HIPAA and the potentially high penalties for non-compliance, employers should review their existing HIPAA privacy and security procedures to ensure compliance with current federal regulations - and, if none exist, determine whether such procedures must be implemented.
Questions? Please contact WS Attorney Peter E. Hansen at (262) 560-9696, or email firstname.lastname@example.org