Log in

Start free trial
Home 5 Articles 5 By The Numbers: The Costs of Not Complying With HIPAA Requirements

By The Numbers: The Costs of Not Complying With HIPAA Requirements

by | Feb 22, 2021 | Articles, Compliance Corner-lca, Essential, HIPAA-lca, Lab Compliance Advisor

Although it doesn’t make the federal government nearly as much money as the False Claims Act and other healthcare fraud law, enforcing HIPAA is still quite a profitable business. There’s also less information about the finances of the endeavor. However, new data from the HHS Office of Civil Rights (OCR) offers some rare insight on the dollars and cents of HIPAA enforcement over the past two decades. Here are some of the key figures, which encompass April 2003 when HIPAA first began being enforced, through 2020: $129,722,482: Total amount of civil penalties and settlements collected by OCR for HIPAA infractions; $26 Million: Highest one-year total collected in past five years (2018); $12 Million: Lowest one-year total collected in past five years (2019); $16 Million: The highest ever settlement for a HIPAA violation, paid by Anthem in 2018 for a massive 2015 data breach affecting 79 million people; 250,367: Total number of HIPAA complaints received by OCR; 3,992: Number of HIPAA complaints that remain open (2 percent of total complaints filed); and $129,722,482: Total amount of civil penalties and settlements collected by OCR for HIPAA infractions. Top 5 HIPAA Complaints The OCR report also lists the top 5 most frequent reasons […]

Although it doesn’t make the federal government nearly as much money as the False Claims Act and other healthcare fraud law, enforcing HIPAA is still quite a profitable business. There’s also less information about the finances of the endeavor. However, new data from the HHS Office of Civil Rights (OCR) offers some rare insight on the dollars and cents of HIPAA enforcement over the past two decades. Here are some of the key figures, which encompass April 2003 when HIPAA first began being enforced, through 2020:
  • $129,722,482: Total amount of civil penalties and settlements collected by OCR for HIPAA infractions;
  • $26 Million: Highest one-year total collected in past five years (2018);
  • $12 Million: Lowest one-year total collected in past five years (2019);
  • $16 Million: The highest ever settlement for a HIPAA violation, paid by Anthem in 2018 for a massive 2015 data breach affecting 79 million people;
  • 250,367: Total number of HIPAA complaints received by OCR;
  • 3,992: Number of HIPAA complaints that remain open (2 percent of total complaints filed); and
  • $129,722,482: Total amount of civil penalties and settlements collected by OCR for HIPAA infractions.
Top 5 HIPAA Complaints The OCR report also lists the top 5 most frequent reasons that people file HIPAA complaints:
  1. Impermissible use or disclosure of protected health information (PHI);
  2. Lack of adequate safeguards for PHI;
  3. Lack of patient access to their PHI (see Right of Access Initiative);
  4. Lack of proper administrative safeguards for electronic PHI; and
  5. Use or disclosure of more than the necessary amount or type of PHI.
Takeaway From a lab compliance officer’s perspective, perhaps the most meaningful number listed in the OCR report is 69, which is the percentage of HIPAA complaints that have resulted in a corrective action being taken against a provider. In other words, nearly 7 in 10 HIPAA complaints result in a fine and/or imposition of a corrective action. That’s a factoid you might want to cite to your lab executives the next time you encounter resistance to HIPAA compliance initiatives.

Subscribe to view Essential

Start a Free Trial for immediate access to this article

TRY FOR FREE