Understanding 4 Things About Enforcement Under HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) contains a number of regulations and safeguards. Non-compliance with them, or any breach of privacy, is considered a violation and can attract civil and even criminal penalties. The punishment depends on the nature and seriousness of the violation and on the harm caused by it. The HIPAA enforcement agency is the Office for Civil Rights (OCR).

The following 4 points will help you understand the Enforcement Rule and how it works.

– The Enforcement Rule: The Enforcement section of HIPAA outlines the procedure for investigating any violation of HIPAA rules and how the hearings should proceed. It details the actions to be taken when the security and privacy rules of the Act are breached, and it prescribes the penalties for different levels and extents of non-compliance. The rule also names the covered entities that come under its purview: healthcare providers, clearinghouses and health plans.

– Ways of Enforcement: Enforcement does not only mean taking action and penalizing; it uses a number of ways to secure proper compliance with the rules. OCR may investigate a complaint that has been filed, or it may conduct reviews of covered entities to ensure all the regulations are being followed. OCR often performs outreach and educational practices to encourage compliance by the concerned parties. OCR may also work with the Department of Justice (DOJ) during certain stages of the Enforcement process.

– Intake and Review: OCR follows a set channel to take in and review a complaint and decide whether it can investigate it under the HIPAA laws. OCR begins by finding out whether the violation took place before or after the date of passing the relevant rules. The privacy and security rules were passed on April 14, 2003 and April 20, 2005 respectively, and a violation before these dates is not considered. Next, the entity complained about must fall under the HIPAA laws; government and law enforcement bodies, life insurance companies and workers' compensation entities are excluded. Finally, the complaint must be filed within 180 days of the violation, but this period can be extended on presenting ‘good cause’ for the delay.

– Enforcement Process: In response to a valid complaint, OCR asks both parties for information and reviews it. During the course of the investigation it might require additional information, and the entities must co-operate completely. With respect to certain criminal provisions of HIPAA, OCR may refer particular complaints to the DOJ. After its investigation, OCR notifies the parties in writing and may ask the covered entities to resolve the matter or take corrective action within a stipulated time. Further non-compliance or more serious violations can invite penalties under the provisions of HIPAA. However, the entities can ask for a hearing in such matters.

Interestingly, the Enforcement Rule of HIPAA works in a dual capacity: it first tries a preventive approach, educating the entities and encouraging compliance, and then takes a corrective route, penalizing violations when deemed necessary.

For more information, please visit our HIPAA website: http://www.hipaaviolations.com