By The Numbers: The Costs of Not Complying With HIPAA Requirements
Although it doesn’t make the federal government nearly as much money as the False Claims Act and other healthcare fraud laws, enforcing HIPAA is still quite a profitable business. There’s also less information about the finances of the endeavor. However, new data from the HHS Office of Civil Rights (OCR) offers some rare insight into the dollars and cents of HIPAA enforcement over the past two decades. Here are some of the key figures, which cover the period from April 2003, when HIPAA enforcement first began, through 2020:
- $129,722,482: Total amount of civil penalties and settlements collected by OCR for HIPAA infractions;
- $26 Million: Highest one-year total collected in past five years (2018);
- $12 Million: Lowest one-year total collected in past five years (2019);
- $16 Million: The highest ever settlement for a HIPAA violation, paid by Anthem in 2018 for a massive 2015 data breach affecting 79 million people;
- 250,367: Total number of HIPAA complaints received by OCR; and
- 3,992: Number of HIPAA complaints that remain open (2 percent of total complaints filed).
Top 5 HIPAA Complaints
The OCR report also lists the top 5 most frequent reasons […]
- Impermissible use or disclosure of protected health information (PHI);
- Lack of adequate safeguards for PHI;
- Lack of patient access to their PHI (see Right of Access Initiative);
- Lack of proper administrative safeguards for electronic PHI; and
- Use or disclosure of more than the necessary amount or type of PHI.