(MSPAlliance) – Thursday, April 20, 2006 – The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is the complex medical security act that ensures and regulates privacy and security for electronic data in medical transactions, including personal health records. The emphasis for the past decade has been on voluntary compliance instead of punishment for breaking the law.
Now, however, enforcement guidelines have been published. Companies face fines of up to $25,000 per violation per year. The Department of Justice has authority only to investigate serious violations involving the deliberate misuse of patient information. The more serious punishment for companies is bad publicity resulting from the disclosure of HIPAA violations.
The rules are purposefully nonspecific about technology and implementation processes, designed to provide flexibility for the wide variety of health care organizations covered under HIPAA, from a single-provider practice to the largest hospitals and insurance companies.
HIPAA regulations are designed not just to simplify administration, but also to reduce costs by relieving the paper burden. Paper claims cost between two and ten times more to process than electronic ones. Although HIPAA imposes regulations, deadlines and additional expenses on companies, it largely saves money by improving administrative management.