The Risks of HIPAA Non-Compliance

October 21st, 2016 | Business Intelligence, Business Value, Security

If your company handles any kind of healthcare data, you are familiar with HIPAA (the Health Insurance Portability and Accountability Act). Violating HIPAA can be expensive and can even result in criminal charges. Civil fines range from $100 to $50,000 per violation (not necessarily per record; how violations are counted depends on the provision breached, and one incident can involve many violations), with a maximum of $1.5 million per calendar year for identical violations of the same provision, and they can be imposed even when you are unaware of your non-compliance.

Penalties are tiered by culpability. The lowest tier applies when the entity did not know, and could not reasonably have known, that it was violating the regulations; the next applies to violations due to reasonable cause rather than willful neglect; and the highest tiers apply to willful neglect, with the top tier reserved for willful neglect that is not corrected within 30 days of discovery.


The last thing you want is for your company's name to appear on a public list of HIPAA enforcement actions and breaches because, in addition to the fines you'll have to pay, you put your company's hard-earned reputation at risk. That could cost you your business.

You'll need to evaluate your providers carefully in order to ensure strict compliance with federal regulations. That's where NCG comes in. We can help you find the right provider to meet every need on your HIPAA checklist, including the three categories of safeguards the HIPAA Security Rule requires you to have in place to protect patient data:

  1. Technical safeguards must ensure that only authorized personnel can access PHI (protected health information), typically through unique user IDs, role-based access control, and authentication. All access to PHI, and to the systems that contain it, must be logged and the logs reviewed, and every modification of a record must be traceable to the user who made it. Controls must be sufficient to prevent unauthorized alteration or destruction of records, and PHI must be protected while in transit over networks (for example, by encrypting it).
  2. Administrative safeguards require a documented risk analysis that identifies potential risks to PHI, a risk-management plan to address them, and workforce training. Management must designate a security official responsible for compliance, and that person must periodically (not just occasionally or at random) evaluate and report on the effectiveness of the HIPAA policies and procedures, and again whenever the environment or operations change materially.
  3. Physical safeguards cover the locations where PHI is stored or processed (e.g., a server room or a doctor's office). Physical access to the facility must be limited so that only authorized personnel may enter. Access to terminals, servers, laptops, and desktops must be restricted to the people authorized to use them, and the machines themselves must be protected, for example with password-protected screen locks, cable locks, and policies that prevent a laptop holding PHI from leaving the facility, together with procedures for securely wiping or disposing of media that has held PHI.
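The technical safeguards above are requirements, not an implementation. As an added illustration (this is example code written for this article, not code from NCG or from any provider, and not a complete HIPAA control), the following Python sketch shows the two pieces a practitioner would look for first: a role-based authorization check in front of every PHI read or update, and an append-only audit trail that records both allowed and denied attempts. The audit entries are hash-chained (each entry carries the SHA-256 of the previous one) so that editing or deleting a log entry after the fact is detectable, which is one way to meet the "prevent unauthorized alteration or destruction" requirement for the audit records themselves. The patient records, user names and roles are constructed sample data; the role names and permission sets are assumptions chosen for the example.

```python
import hashlib
import json
import time

# Constructed sample data for the example: a tiny PHI store and a user
# directory. Names, codes and roles are illustrative, not from any real system.
PHI_RECORDS = {
    "patient-001": {"name": "A. Example", "diagnosis": "J06.9"},
    "patient-002": {"name": "B. Example", "diagnosis": "E11.9"},
}

# Assumed role-based policy: which roles may perform which actions on PHI.
ROLE_PERMISSIONS = {
    "clinician": {"read", "update"},
    "billing": {"read"},
    "it-support": set(),   # may administer systems, but never touches PHI
}

USERS = {
    "dr.lee": "clinician",
    "pat.accounts": "billing",
    "sam.helpdesk": "it-support",
}


class AuditLog:
    """Append-only, hash-chained audit trail.

    Each entry stores the SHA-256 of the previous entry, so editing or
    deleting any earlier entry breaks the chain and verify() reports it.
    """

    def __init__(self, clock=time.time):
        self.entries = []
        self._clock = clock   # injectable so tests can use a fixed timestamp

    def append(self, user, action, record_id, outcome, detail=""):
        prev_hash = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = {
            "seq": len(self.entries),
            "ts": self._clock(),
            "user": user,
            "action": action,
            "record_id": record_id,
            "outcome": outcome,
            "detail": detail,
            "prev_hash": prev_hash,
        }
        body["hash"] = self._digest(body)
        self.entries.append(body)
        return body

    @staticmethod
    def _digest(body):
        # Canonical JSON (sorted keys, fixed separators) over every field
        # except the hash itself, so the digest is reproducible.
        unhashed = {k: v for k, v in body.items() if k != "hash"}
        data = json.dumps(unhashed, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(data.encode()).hexdigest()

    def verify(self):
        """Return True if every entry's digest and back-link are intact."""
        prev_hash = "0" * 64
        for i, entry in enumerate(self.entries):
            if entry["seq"] != i or entry["prev_hash"] != prev_hash:
                return False
            if entry["hash"] != self._digest(entry):
                return False
            prev_hash = entry["hash"]
        return True


def access_phi(log, user, action, record_id, new_values=None):
    """Authorize, perform and log one PHI access; denied attempts are logged too.

    Returns a copy of the record on success, or None when access is denied.
    """
    role = USERS.get(user)
    allowed = role is not None and action in ROLE_PERMISSIONS.get(role, set())
    if not allowed or record_id not in PHI_RECORDS:
        log.append(user, action, record_id, "DENIED", f"role={role}")
        return None
    record = PHI_RECORDS[record_id]
    if action == "update":
        new_values = new_values or {}
        # Record which fields changed, not the PHI values themselves, so the
        # audit log does not become a second copy of the PHI.
        changed = sorted(k for k in new_values if record.get(k) != new_values[k])
        record.update(new_values)
        log.append(user, action, record_id, "OK", f"fields={changed}")
    else:
        log.append(user, action, record_id, "OK")
    return dict(record)


if __name__ == "__main__":
    log = AuditLog()
    print(access_phi(log, "dr.lee", "read", "patient-001"))          # allowed
    print(access_phi(log, "sam.helpdesk", "read", "patient-001"))    # denied
    print(access_phi(log, "dr.lee", "update", "patient-001",
                     {"diagnosis": "J06.0"}))                         # allowed
    print("chain intact:", log.verify())
    log.entries[1]["outcome"] = "OK"       # simulate tampering with the log
    print("chain intact after tampering:", log.verify())
```

In a real deployment the log would be written to storage the application cannot rewrite (a separate log host or a write-once bucket) and the chain verified from there; the hash chain only makes tampering detectable, it does not prevent it, and it must be paired with the periodic log review the administrative safeguards call for.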

Business Associates must sign a Business Associate Agreement (BAA) committing them to comply with HIPAA in their dealings with Covered Entities. Simply signing the BAA is not sufficient: the Business Associate must then follow the rules and implement policies and procedures consistent with HIPAA, and since the 2013 Omnibus Rule it is directly liable for its own violations.

Choose from among Network Consulting Group’s premier providers of network, security, and cloud services. Contact us today to find the best provider for your needs and budget.