September 23, 2013 is the official date that the HIPAA Omnibus regulations are enforced. One result of the new HIPAA Omnibus Rule is that it has raised awareness of HIPAA regulations. Existing covered entities (hospitals, physicians, dentists, chiropractors) and business associates (IT companies, medical billing, law firms, etc.) are scurrying around in efforts to be compliant with the new HIPAA regulations.
What happens after September 23 if an organization is not compliant? Truthfully, probably nothing. The HIPAA police will not be driving around in commandeered Geek Squad vehicles. There will not be armies of HIPAA enforcers banging on doors requesting to see your HIPAA risk assessment and proof that you have trained your employees on HIPAA security.
While organizations do not need to fear armies of HIPAA enforcers going door to door, the reality is that the HIPAA Omnibus Rule has expanded HIPAA regulations to millions of organizations. HIPAA Omnibus has increased penalties for non-compliance to $1.5 million. The HHS Office of Civil Rights (OCR) has committed to increasing HIPAA enforcement.
Never too late
If an organization has not made significant efforts to become HIPAA compliant (performing a risk assessment, developing policies and procedures, training employees, developing an incident response plan, etc.) by September 23, it is never too late to start. There is a significant business risk in not complying with HIPAA regulations.
A patient could file a HIPAA complaint that could trigger an investigation, a business associate could lose a USB drive with thousands of patient records, and an organization could be audited and asked to show its HIPAA risk assessment as part of a Meaningful Use Audit. Failure to comply with HIPAA regulations could result in significant HIPAA fines. Being non-compliant with HIPAA is a serious matter and a serious risk.
Ask yourself these questions:
- Would you operate your business without liability insurance?
- Would you hire employees without workers compensation insurance?
- Would you fail to file federal and state business income tax returns?
Each of the above questions and actions carries associated risk. Not being compliant with HIPAA regulations carries similar risks.
It is never too late to comply with the required federal regulations. If you haven’t made the September 23 Omnibus deadline, it is never too late to put your compliance program in place.
Free HIPAA Security Training!
All Covered Entities and Business Associates need to train their employees on HIPAA security. We now offer free online HIPAA security training for Covered Entities and Business Associates. Find out more about our free training and send the information to ALL your colleagues and Business Associates.
Now it is easy to train your employees on protecting patient information!