Topic:- What Does the Term “Reasonable and Appropriate” Mean under HIPAA? And How Do You Achieve It?
If you are audited, investigated, or sued and found not to have reasonable and appropriate security measures, you could face civil money penalties, supervised Corrective Action Plans, bad publicity with concomitant loss of patients, lawsuit damage awards, and significant remediation costs.
Civil money penalties to date range from $50,000 to two in the $4 million range. A number of these have resulted from deficient security measures, such as a missing firewall, lack of adequate security to prevent unauthorized access, and the like. Nor are these penalties reserved for large practices. Fines have been assessed against two-physician practices and a small hospice in North Dakota. Being not-for-profit provides no immunity, nor does being a government entity. Alaska Medicaid was fined $1.5 million;and a county government (Skagit County in Washington State), $215,000.
Areas Covered in the Session:
- Overview of HIPAA and the Security Rule.
- The Requirement for Reasonable and Appropriate Security Measures.
- DHHS Guidance on What is Reasonable and Appropriate.
- Other Guidance on What is Reasonable and Appropriate.
- How to Determine Whether Your Security Measures are Reasonable and Appropriate.
- Conclusion and Question and Answer.
Jonathan P. Tomes , J.D., is Keynote Speaker at Compliance key Inc. He is a health care attorney practicing in the greater Kansas City. He is a nationally recognized authority and expert witness on the legal requirements for health information…read more
More Upcoming Webinar