Rite Aid to pay $1M to settle HIPAA privacy case
The regulators mean business. This is not the first enforcement of HIPAA by any means, but it is a significant one both in scope and in penalty.
We often hear busy doctors say I just use email. The patient says it is OK.
It may be OK with the patient, but it is not OK with regulators. In this case, both the Federal Trade Commission and the Office of Civil Rights of Health and Human Services have accused Rite Aid of improperly disposing of records in an unauthorized trash container.
Occasionally, it seems best to have the end justify the means – it more likely will not be the right thing to do. In matters such as HIPAA, it is a high risk maneuver. Since ClickCare can get to the same end in a legal way, why not use it? Further, all collaborations are saved and available for reference and teaching.
The HITECH act (which provides loans for EMR adoption) added teeth to the HIPAA regulations:
The Health Information Technology for Economic and Clinical Health (HITECH) Act provides a tiered system for assessing the level of each HIPAA privacy violation and, therefore, its penalty:
Tier A is for violations in which the offender didn’t realize he or she violated the Act and would have handled the matter differently if he or she had. This results in a $100 fine for each violation, and the total imposed for such violations cannot exceed $25,000 for the calendar year.
Tier B is for violations due to reasonable cause, but not “willful neglect.” The result is a $1,000 fine for each violation, and the fines cannot exceed $100,000 for the calendar year.
Tier C is for violations due to willful neglect that the organization ultimately corrected. The result is a $10,000 fine for each violation, and the fines cannot exceed $250,000 for the calendar year.
Tier D is for violations of willful neglect that the organization did not correct. The result is a $50,000 fine for each violation, and the fines cannot exceed $1,500,000 for the calendar year.
The HITECH Act also allows states’ attorneys general to levy fines and seek attorneys fees from covered entities on behalf of victims. Courts now have the ability to award costs, which they were previously unable to do.
Comments based on http://www.healthcarefinancenews.com/news/rite-aid-pay-1m-settle-hipaa-privacy-case, quoting Editor’s note: This is an excerpt from the April 2009 edition of the HCPro, Inc. newsletter, Briefings on HIPAA.