Who has to comply with HIPAA

Covered Entities

  • Est. 700,000
  • Health care providers who bill electronically
  • Health plans that pay providers
    • Medicare, Medicaid
    • Private Health Plans
    • Self-Insured Businesses

Business Associates 

  • Est. 2-3 million
  • Companies that support Covered Entities
  • Come in contact with ePHI or the systems that have it
Federal HIPAA Enforcements (Penalties)
  • 2014 +215 = $14 million
  • 2016 + 2017 = $42 million
  • 2018 + 2019 = $41 million

HIPAA Guidance & Enforcement

  • Business Associate Liability Fact Sheet (link) – BA’s MUST
    • Comply with the Security Rule – All 40+ requirements
    • Protect PHI, not disclose it, report breaches to Covered Entities
    • Manage Subcontractors to ensure their HIPAA compliance
  • Tennessee Imaging Practice $ 3 million Penalty (link)
    • Failed to conduct an accurate and thorough assessment of their risks
    • Failed to sign a business Associate Agreement with its IT support vendor and 3rd party data center
  • March 2020 – 1 doctor medical practice – $ 100,000 (link)
    • Failed to conduct an accurate and thorough assessment of their risk

Office of Civil Rights (OCR) has under went budget cuts for 2020. Say’s it will make up budget cuts with enforcement. (link)

Terms and Conditions