What are the Consequences of Non-Compliance?

Common HIPAA Violations

Notice of Privacy Practices does not contain all the required disclosures and has not been updated to meet the HITECH Act requirements.

Practice does not follow the uses and disclosures as listed in their Notice of Privacy Practices.

Lack of documented training of ALL employees, including physicians.

Lack of an enforced tiered Sanctions Policy.

The “Minimum Necessary” standard was not utilized when authorizing access to ePHI.

Not all staff members are assigned a unique identifier for system access.

Practice does not have in place policies and procedures to ensure an accurate and complete Accounting of Disclosures.

Documented Confidential Communications process was not in place.

The organization does not have a documented list of all users and level of access to ePHI.

The organization has not developed a Contingency Plan.

The organization is not monitoring their audit logs.

Business Associate Agreements have not been implemented with ALL Business Associates.

A $100 fine can easily become a $525,000 penalty

| Complaint | HIPAA Violation | Fine | # Days | Statutory Max/Yr | Total Amt of Fine Levied |
|---|---|---|---|---|---|
| Complaint filed | Patient denied access to Designated Record Set | $100 | 300 | $25,000 | $25,000 |
| Found by OCR | No right by patient to Amend record | $100 | 300 | $25,000 | $25,000 |
| Found by OCR | Employees not trained on HIPAA for past 6 Years | $100 | 6 Years | $25,000 | $150,000 |
| Found by OCR | Practice did not have a Sanctions Policy that was applied to employees that violated HIPAA | $100 | 6 Years | $25,000 | $150,000 |
| Found by OCR | Employee that violated Patient Rights to Access was not sanctioned | $100 | 300 | $25,000 | $25,000 |
| Found by OCR | HIPAA Required Documentation was not kept on Training | $100 | 6 Years | $25,000 | $150,000 |
| Total Penalty | | | | | $525,000 |

Aris protects their clients through Partnership, Education, and Support.

©2022 Aris Medical Solutions – HIPAA Risk Management | HIPAA Compliance Consultants | All Rights Reserved