Should you worry about violating HIPAA while marketing your practice online?

If you work in the healthcare field and could even potentially come into contact with any patients’ information, you should take HIPAA compliance seriously, because violations are costly. This is especially true if you are engaged in any medical marketing activities.

On August 4th, 2011, Kathleen Sebelius, the Secretary of the US Department of Health and Human Services, filed a complaint with the District Court of Maryland against Cignet Healthcare (Case No. 8:11-cv-02168-RWT).

As a result, Cignet Healthcare was fined $4,351,600 for HIPAA violations.

What kind of violations? According to the complaint, Cignet Healthcare failed to provide 41 patients with timely access to their medical records and failed to cooperate with the HHS Office for Civil Rights investigation of these 41 cases.

Failing to provide access to the medical records to 41 patients may not sound like much, but HIPAA turns out to be a very unforgiving law.

Specifically, Failure to Provide Access (45 C.F.R. §164.524) is not a one-time event under HIPAA. In the case against Cignet Healthcare, the failure to provide each individual with access to the medical records counted as a separate violation, AND each day the violation continued counted as a separate violation of 45 C.F.R. §164.524.

HIPAA stands for the Health Insurance Portability and Accountability Act. Passed in 1996, HIPAA was initially mostly about the continuation of health insurance coverage for workers and their families if they changed or lost their jobs, and about setting some standards for electronic healthcare transactions.

On February 16, 2006, the US Department of Health and Human Services issued the Final Rule regarding HIPAA enforcement, also known as the “Enforcement Rule”.

From that point on, HIPAA rules and regulations can, for the most part, be enforced without court involvement.

The U.S. Department of Health and Human Services is authorized to investigate HIPAA-related cases and to impose what are known as civil monetary penalties, or CMPs, for violations of HIPAA regulations.

What should also be kept in mind is that HIPAA is a “work-in-progress” law, with revisions and modifications happening regularly.

The consequences of HIPAA violations are harsh, including both civil and criminal penalties and ranging from steep monetary fines to real prison time.

Moreover, it is difficult to achieve 100% bulletproof compliance in the HIPAA world – this is a relatively new law with not enough judicial precedents to establish what can and what cannot be treated as a HIPAA violation.

Since many people today make their choices based on what information they can find online, you have to participate in social media platforms and make sure your website is optimized for search engine algorithms.

However, certain things are very sensitive and need to be handled carefully, especially when it comes to internet marketing within the HIPAA framework.

For example, you should never use any individual’s protected health information in either online or offline marketing.

It could be a big temptation to let your potential clients know that you’ve treated a famous person in town or a celebrity, but doing so without written iron-clad authorization from your patient will put your business at risk.

And even with written consent, you are still not 100% safe.


Many healthcare practices will find themselves in uncharted waters when it comes to the intersection of HIPAA and healthcare marketing.

The best way to handle this situation is to use someone who is a true expert in healthcare marketing and HIPAA compliance, such as

This way you will not have to guess and run the risk of making a costly mistake.
