These days, patient privacy is more important than ever, especially in the mental health industry, where families, professionals, and individuals with autism spectrum disorder undergoing ABA therapy rely on a provider’s utmost discretion.
The Health Insurance Portability and Accountability Act (HIPAA) was passed by the United States Congress in 1996 to ensure patient confidentiality. It specifically sets forth a series of critical regulations that impact providers of every discipline as well as health insurance companies. These regulations extend not only to physical records, data, and information, but also to electronic confidentiality requirements.
Healthcare providers need to closely familiarize themselves with the essential details of federally mandated HIPAA regulations as well as all pertinent state confidentiality regulations. This even extends to requirements for things like certification or licensure confidentiality.
So, it only makes sense for all practices to perform a comprehensive HIPAA analysis and refresher audits to ensure that all necessary safeguards are in place. Most ABA therapy practices will perform annual or biannual HIPAA reviews or audits with their staff. This is in addition to any HIPAA training they receive when they are first hired.
What Are The Consequences Of A HIPAA Violation?
There are some differences between HIPAA non-compliance and a direct HIPAA violation, though either can have a severe negative impact on your practice’s ability to continue to serve patients, as well as your ability to maintain a medical or other type of therapeutic license, not to mention very stiff fines that can cripple your practice’s financial health.
The penalties for violating HIPAA regulations are broken down into tiers.
First Tier HIPAA Violation
This is defined as “The Covered entity did not know and could not reasonably have known about the breach.”
The penalty for a First Tier HIPAA violation ranges from $1000 to $50,000 per incident up to $1.5 million in penalties.
Second Tier HIPAA Violation
This is defined as “The covered entity knew or by exercising reasonable diligence should have known of the violation. Though they did not act with willful neglect.”
The penalty for a Second Tier HIPAA violation is similar to the first tier and ranges from $1000 to $50,000 per incident up to $1.5 million in penalties, though the penalty tends to be on the higher end of the range. Second-tier violations might also have an impact on your ability to practice or might lead to a suspended license to practice.
Third Tier HIPAA Violation
This is defined as “The covered entity acted with willful neglect and corrected the problem within a 30-day period of time.”
The penalty for a Third Tier HIPAA violation comes with a minimum fine of $50,000 with the maximum criminal penalty for the HIPAA violation by an individual set at $250,000. This doesn’t include restitution that needs to be paid to the victim of the violation. Some third tier HIPAA violations can also result in criminal prosecution and jail time.
Fourth Tier HIPAA Violation
This is defined as “The covered entity acted with willful neglect and failed to make any timely correction.”
The penalty for a Fourth Tier HIPAA violation includes a minimum fine of $60,226 up to $250,000. Restitution will need to be paid to the victim of the violation, and criminal prosecution is likely, with possible jail time.
Common Possible HIPAA Violations
With such stiff potential consequences for a HIPAA violation, it only makes sense to maintain constant vigilance with your clinical and administrative staff. This might include simple reminders about some of the more common, sometimes simple, and unintentional HIPAA violations.
- Accidentally disclosing another patient’s information in a waiting room
- Sending PHI in emails that are not secure
- Disposing of documents with PHI in the trash without first shredding them
- Transporting clinical documents in an unsealed pouch or folder
- Disclosing information about a minor to someone other than the parents without a release
- Participating in community-based activities with a client or patient while wearing company apparel
- Transporting patients in a company vehicle that is clearly branded with corporate logos or advertising
- Texting a patient’s medical history
- Using an EMR system that is not 100% HIPAA compliant
- Using telehealth systems that are not 100% HIPAA compliant
- Using vendors that have a past history of intentionally or accidentally violating HIPAA
There are many professional associations and legal consultants that can help your practice with HIPAA preparations and policies. This includes organizations that can help with semi-annual HIPAA policy audits of your staff, or administer retraining seminars.
Considering that even minor HIPAA violations can result in severe infractions, both civil and criminal, HIPAA policies need to be addressed with extreme care as well as the most serious level of professional consideration.
Outsourcing Medical Billing Services Helps Reduce The Risk Of HIPAA Violations
One of the easiest ways to reduce your risk of a HIPAA violation affecting your practice is to outsource your medical billing services to a third-party vendor like Operant Billing Solutions. A lot of small practices and solo practitioners aren’t fully trained in medical billing and coding industry-best practices. This leaves unnecessary room for error when it comes to potential HIPAA violations.
When you outsource to a professional medical billing agency like Operant Billing Solutions, you can trust that highly trained medical billing experts are maintaining a perfectly sealed chain of custody with your patients’ sensitive information. This level of professionalism is carried through at every level. This includes:
- Claim creation
- Auditing for errors and missing information
- Transmitting all claims via HIPAA secure portals
- Industry-best practices coding & medical billing
- Coordinating with payers & public health institutions via HIPAA regulations
- Maintaining all applicable state patient privacy laws
As a bonus, not only do you get the peace of mind that comes from knowing your coding and medical billing are being handled by HIPAA-compliant professionals, but you will likely find you have more time to serve more patients. Using a HIPAA-compliant medical billing agency like Operant Billing Solutions also insulates you from many of the violations that can result in stiff financial penalties.