Tuesday March 09, 2010
BridgeFront - http://www.hipaaemployer.net & HIPAA For Employers and Brokers - HOME
  

 
HIPAA Security > About HIPAA Security - Continued
Understand the Importance of Information Security

10. Auditing & Monitoring

Auditing and monitoring of your security compliance infrastructure is key to the long-term success and effectiveness of your program. Requirements will change over time (due to regulatory and business changes) and your privacy & security program should change with them. Implementing a process or procedure that doesn't work operationally creates a false sense of security. Create a feedback loop that allows you to quickly identify dysfunctional processes, so you can evaluate how to get the same results another way.
Are there any penalties for not complying with the Rules?

Yes. There are both civil and criminal penalties for noncompliance. Civil penalties may be assessed at $100 for each provision of the Rules violated, with an annual cap of $25,000 per person, per violated provision. Criminal penalties for knowing violations of the Rules may include monetary fines as well as imprisonment. Fines range from up to $50,000 and one year of imprisonment to up to $250,000 and up to 10 years of imprisonment. [42 USC §§ 1176, 1177.]
Who enforces HIPAA?

HHS has delegated responsibility for enforcing the Rule to the Center for Medicare / Medicaid Services (CMS). CMS's enforcement regulations have not yet been published. [65 Fed. Reg. 82472.]

Can a participant or beneficiary sue me for alleged violations of the Rules?

The Administrative Simplification Rules themselves do not provide a private right of action, meaning they do not authorize private individuals to sue covered entities, such as covered group health plans, for alleged for violations. [65 Fed. Reg. 82566, 82604.]

Nonetheless, employers might find themselves subject to private lawsuits under other theories. For example, in certain circumstances, the Administrative Simplification Rules require an employer to amend its group health plan documents. To the extent that such a group health plan is governed by ERISA, participants and beneficiaries will have the right to sue for enforcement of the plan document, including, perhaps, the amendments required by the Administrative Simplification Rules.

In addition, as noted above, state laws providing more stringent remedies are likely to apply. Those applicable state laws may provide private rights of action, and if they do, participants and beneficiaries may be able to invoke them. [65 Fed. Reg. 82582.]

Where can I find more information about HIPAA?

More information about HIPAA can be found at the following web sites:
Page 4 of 4
<<< Previous Page   Next Page >>>
Picture
HIPAA SECURITY LINKS
HIPAA Newsletter
Online HIPAA Training
HIPAA Privacy Workbooks
HIPAA Security Workbooks
HIPAA White Papers
©® 2002-2010 BridgeFront