Infinisource ... Benefits Challenge? Benefits Solved.
 
March 16, 2006

Final Enforcement Rules Released for HIPAA

The Department of Health and Human Services (HHS) issued 45 pages of its long-awaited final enforcement rule governing the HIPAA privacy, security and related rules, calling it a regulation with “extremely broad implications” for healthcare. The final ruling was released on February 16, 2006 and it details how HHS will define violations, determine culpability and the steps that organizations may take to protect themselves.

These rules become effective March 16, 2006 with few changes from last April’s proposed rules. The most significant changes HHS made to the proposed version involved the controversial provisions for determining how many violations a group health plan or other covered entity has committed. In counting the violations of an identical requirement, the proposed rules gave HHS discretion to consider the number of times the entity committed the violation, the number of persons involved in or affected by the violation and the duration of the violation.

As outlined within the final rules, it clarified the number of impermissible actions or failures, the number of persons affected and the number of days the violation occurred would determine penalties. The amount of civil monetary penalties may not be more than $100 for each violation and cannot exceed $25,000 for identical violations in a given calendar year. These factors could impact how quickly the maximum penalty of $25,000 could be reached.

The significance of the final rule is that the last major obstacle to extensive enforcement has been removed. The HHS Office for Civil Rights (OCR) is charged with enforcing HIPAA. Employers can expect increased scrutiny of HIPAA policies and procedures going forward. In the past violations were only imposed due to individuals filing complaints. However, with the enforcement rules finalized, there may be random reviews (audits) to determine if a covered entity is in compliance. OCR, Medicare and Medicaid Services and the Office of HIPAA Standards (OHS) are responsible for random audits and compliance determinations.

For more information on the proposed ruling, see the News Room article HIPAA penalties issued in proposed rules

If you are struggling with your HIPAA Compliance program, contact Infinisource for more information on this or other employee benefit administration and compliance issues at 800-779-6384 or visit our website, www.benefitsolved.com.

 

###

News Room sign-up sheet | Archive

 

Contact the Infinisource Sales Team
Request Contact | Quick Quote | 800-779-6384 | e-mail

Contact Infinisource Customer Response
COBRA Clients: 800-300-3838 COBRA Participants: 800-594-6957
FSA/HRA Clients: 800-796-7910 FSA/HRA Participants: 866-370-3040

Home | About Us | Benefits News | Benefits Resources | Privacy Statement

© 2007 Infinisource, Inc.