HIPAA Enforcement Security Rule Final Publish

The HIPAA enforcement rule is published.

Rick Brady mentioned that “HIPAA has no teeth.” I agree in principle. Martin Jensen mentioned that he used to agree with it not having teeth until he had a conversation with one of the regulators.

I think there are really a few important points. The penalties really are rather small and inconsequential compared to the costs of compliancy. Every good business has to weigh those two factors. However, the more difficult concept to calculate is the shame of a HIPAA violation. I can tell you now that this is something in which people are very interested. The most frequent Google search I get is for HIPAA Lawsuits. People are scared of this possibility and want to know who is going to take the fall at HIPAA’s hands. I really feel like I’m stuck between a rock and a hard place. HIPAA compliancy and budgeting.

My only relief is in the following excerpt:

[A] civil money penalty may not be imposed “if it is established to the satisfaction of the Secretary that the person liable for the penalty did not know, and by exercising reasonable diligence would not have known, that such person violated the provision”,…if the failure to comply was due “to reasonable cause and not to willful neglect” and is corrected within a certain time, [and] a civil money penalty may be reduced or entirely waived “to the extent that the payment of such penalty would be excessive relative to the compliance failure involved.”

About the author

John Lynn

John Lynn is the Founder of HealthcareScene.com, a network of leading Healthcare IT resources. The flagship blog, Healthcare IT Today, contains over 13,000 articles with over half of the articles written by John. These EMR and Healthcare IT related articles have been viewed over 20 million times.

John manages Healthcare IT Central, the leading career Health IT job board. He also organizes the first of its kind conference and community focused on healthcare marketing, Healthcare and IT Marketing Conference, and a healthcare IT conference, EXPO.health, focused on practical healthcare IT innovation. John is an advisor to multiple healthcare IT companies. John is highly involved in social media, and in addition to his blogs can be found on Twitter: @techguy.