How HIPAA is enforced and what you can do to secure your devices
HIPAA non-compliance is painful and costly. If your organization is guilty of non-compliance, you may be held liable for litigation, legal expenses, hefty fines, and huge settlements. Back in April, when Roger Severino became the Director of the HHS Office of Civil Rights (OCR), he made it clear that he was looking for a “big, juicy, egregious” HIPAA breach to set an example for other non-compliant organizations. He also made it clear to smaller organizations that he wasn’t just going after large healthcare organizations.
“Just because you are small doesn’t mean we’re not looking and that you are safe if you are violating the law (sic). You won’t be.”
And he’s not just making threats. He’s following through. According to this HIPAA Journal article, between the time he became OCR Director and early September, 8 settlements have been reached and one has a civil penalty. Of those, two concern us: