A look at health plans, HIPAA compliance, and costly violations

A look at health plans, HIPAA compliance, and costly violations

The fact is this: HIPAA audits are on the rise. Are you focusing on the right violations?

Part of the problem with the increasing number of violations, audits, and fines results from an age-old problem, out-of-sight, out-of-mind.

As an employer, are you incorrectly assuming that if your plan is outsourced, you don’t have to worry about HIPAA compliance? Think again.

With that mentality, you could wind up with a costly HIPAA violation on your books. Let’s dig a little deeper into what each initial violation will cost you:

  • Violation (A): Did not know – Between $100 to $50,000
  • Violation (B): Reasonable cause – Between $1,000 and $50,000
  • Violation (C): Willful neglect that has been corrected – Between $10,000 and $50,000
  • Violation (D): Willful neglect that goes uncorrected – Up to $50,000

Do these numbers look small? Consider that while an initial violation may not be terribly costly on its own, stacked on top of one another in a calendar year, these violations could wind up costing your business a lot of money.

Why? Because subsequent hits can carry fines up to $1.5 million a-piece, regardless of the violation category.

Also consider this: if the auditors find one violation, they will undoubtedly come looking for more. Your business will remain under the microscope for the foreseeable future.

Since many self-funded plans haven’t updated their materials with the new regulations (put into place almost four years ago), it’s only a matter of time before auditors sniff out the inconsistencies.

So, what’s an employer to do? Make sure you conduct thorough risk assessments for all your group health plans. By staying on top of request-for-proposals and asking the right questions of brokers, insurers, and vendors, you can keep auditors from knocking on your door.