The government rules and regulations shaped by the Health Insurance Portability and Accountability Act (HIPAA) are continuing to evolve, which can make compliance difficult to measure.
Agencies in charge of compliance oversight and enforcement have ramped up enforcement gradually, knowing it would take a lot of time both to develop the rules and regulations and to circulate them throughout the health care industry.
We have now reached the point where compliance expectations are high and oversight and enforcement are taken seriously, as evidenced by the following article from “Medicare Compliance Watch,” dated October 21, 2016:
There are two major takeaways I noted from this article:
First, OCR is imposing some serious fines and stiff rules to ensure compliance is achieved and maintained. Second, clearly, the fined organization did not take HIPAA compliance seriously enough. SJH had a responsibility to:
- Develop a deep understanding of compliance requirements and establish accountable people and processes to ensure it was achieved and maintained, OR
- Hire a qualified outside firm that could assume that responsibility for them – and hold that firm accountable!