Do HIPAA Fines go away when a practice or business closes?

HIPAA Compliance Frequently Asked Questions

By Aris Medical Solutions

Many medical practices and business associates have the misconception that if they are fined they can simply close their doors and not be obligated to pay the fines or penalties. We have been asked if this will work many times. The Office for Civil Rights (OCR) has answered this haunting question.

Three years ago the OCR received an anonymous complaint against Filefax, Inc. that transported 2,150 patient files to be shredded. These files were left in an unlocked truck in their parking lot, or by granting permission to an unauthorized person to remove the files from Filefax, and leaving the Protected Health Information (PHI) unsecured outside the Filefax facility.

Although Filefax shut their doors during the course of the OCR’s investigation they were still obligated under the law. In 2016, a court in unrelated litigation appointed a receiver to liquidate its assets. In addition to a $100,000 monetary settlement, the receiver has agreed, on behalf of Filefax, to properly store and dispose of remaining medical records found at Filefax’s facility in compliance with HIPAA.

The first step in protecting your practice or business is to conduct a thorough security risk assessment and identify vulnerabilities and workflow. From there you can develop a risk management plan to ensure you document your compliance efforts and mitigate risks.

For more information on how Aris Medical Solutions can help your organization with HIPAA Compliance and Protecting your Data call 877.659.2467 or click here to contact us.

“Protecting Organizations through Partnership, Education, and Support”

About Suze Shaffer

Suze Shaffer is the owner and president of Aris Medical Solutions. She specializes in HIPAA compliance, risk management, and cyber security. She believes that by educating her clients in understanding why and what needs to be done to protect their practice they have a better outcome.

Suze has been instrumental in helping clients nationwide with risk management, implementing privacy and security rule policies and procedures, and ultimately protecting patient data. She includes state and federal regulatory requirements to ensure clients are protected in all areas.

She has spoken at numerous conferences and functions. She continues to educate organizations how to minimize the risks of data breaches. HIPAA compliance is not an option, it is mandatory for every organization that comes in contact with protected health information to have reasonable and appropriate security measures in place. Unfortunately, most organizations don’t realize they are not compliant until they suffer a data breach or they are faced with an audit or investigation.

Did you know that the Office for Civil Rights (OCR) is the agency that investigates data breaches? Have you seen the heavy fines that have been imposed for non-compliance?

All 50 states now have their own set of privacy laws and the State's Attorney General may also investigate privacy violations!

Share This HIPAA Blog

Updating your Contingency Plan

March 25, 2018

How well do you trust your compliance efforts?

April 10, 2018
©2024 Aris Medical Solutions – HIPAA Risk Management | HIPAA Compliance Consultants | All Rights Reserved | Terms and Conditions | Privacy Policy
The content and images on this website is owned by Aris Medical Solutions and their owners. Do not copy any content or images without our consent.
Powered by Bandwise LLC