In 1996 the U.S. enacted a federal law designed to prevent the disclosure of sensitive patient health information without the patient’s consent or knowledge. The legislation also allows American workers and families to continue health insurance coverage by transferring it when they lose or change jobs. These provisions require the confidential handling of protected health information (PHI) to reduce healthcare fraud and abuse. They also establish standards for health care information on electronic billing and in related processes.
HIPAA non-compliance will result in penalties or monitored enforcement of corrective action plans. Enforcement may be imposed by the U.S. Department of Health and Human Services Office of Civil Rights or a state attorney general. A four-tier structure of fines from $100 to $50,000 per violation serves as a strong deterrent. But fines can total $1.5M per year!