When a person is treated by a medical professional, they trust that they will not only receive good care, but discretion. These professionals are allowed access to this information with the condition that they will keep the information private and confidential. This is enforced by the Health Insurance Portability and Accountability Act (HIPAA), established in 1996.
What is HIPAA?
HIPAA was created to ensure the protection of all patients’ medical records and health information. All healthcare providers are required by law to comply with the rules and regulations of HIPAA. This ensures that a patient’s confidential information will not be shared or made public to anyone who does not have authorization to receive it. This is the case even if the individual’s condition is not sensitive or severe.Â
When patients fill out paperwork regarding their medical information, they are able to give consent, allowing another person access to their records. This may be a parents, spouse, or other loved one. If a medical professional shares information with a designated person, it is not considered breaking HIPAA laws.Â
How is HIPAA Enforced?
It is the job of the United States Department of Health and Human Services to make sure HIPAA laws are enforced. This is done by an Officer for Civil Rights (OCR) who investigates any complaints, conducts compliance reviews, and educates providers on HIPAA rules. Any medical professional who fails to comply with these laws may face certain penalties, both civil and criminal, as a result.Â
What is Considered a HIPAA Violation?
Any situation in which a medical professional shares information about their patient to another party who is not designated to receive such information is considered a violation of HIPAA. This is even the case if the professional did not realize they were breaking the law. Simply telling another party that a patient is receiving treatment or care is considered a violation.Â
When this happens, it can be reported by a hospital, another physician, or the patient themselves to the Office of Professional Medical Conduct (OPMC). This can result in an investigation to find out if HIPAA was, in fact, violated. In the event that it was, the following penalties may be imposed depending on the offense:
- If a professional did not know they were in violation, they may be subject to a $100-$50,000 fine
- If a professional claimed they had reasonable cause to violate HIPAA, they may face a $1,000-$50,000 fine
- If there was willful neglect that was corrected during a certain amount of time, they may face a fine between $10,000 and $50,000
- If there was willful neglect that was not corrected, the professional may face a $50,000 fine
- In the event of multiple violations within the same year, the professional may face a fine of $1.5 million.
Contact our Firm
When a medical professional is accused of misconduct, it is essential that they retain strong legal representation. If you require a medical law attorney for your legal matters, call Paul E. Walker, an experienced New York City OPMC & OPD Lawyer. Please contactthe Walker Medical Law firm to set up a free initial consultation.