According to its recently released work plan, the Office of the Inspector General (OIG) will continue to pay closer attention to the healthcare industry’s use of electronic health records, in particular HIPAA security, EHR incentive payments and fraud.
As digitization continues to be a priority, so does its appropriate implementation and use. To address IT security, compliance and electronic health records, the OIG has requested a $400 million FY2015 budget, an increase of $105 million, along with the creation of another 284 full-time jobs to enforce the OIG’s audits and reviews.
“Important changes are taking place across the healthcare industry,” wrote Daniel R. Levinson, U.S. inspector general, in OIG’s 2015 work plan justification. These changes, Levinson continued, include “an emphasis on coordinated care and an increased use of electronic health records. OIG will need to adopt oversight approaches that are suited to an increasingly sophisticated healthcare system and that are tailored to protect programs and patients from existing and new vulnerabilities.”
So how does that translate to healthcare providers and healthcare organizations? Practices can expect closer scrutiny for HIPAA privacy and security compliance. Penalties have increased significantly under the new regulations. Practices can face fines up to $50,000 per occurrence—quickly offsetting or negating the EHR incentives they received.
Physicians can no longer afford to be relaxed about HIPAA compliance. They must have sound privacy and security protocols in place to protect against violations that could result in severe penalties.
A prime example occurred in July 2009, when a physician and two former employees of an Arkansas medical center pleaded guilty to misdemeanor federal charges that they inappropriately accessed the medical records of a local television anchor, thereby violating the HIPAA privacy rule. Each faces a maximum penalty of one year in prison, a fine of up to $50,000, or both.