HIPAA Enforcement Facts
How Much Risk is Your Practice Really Facing?

1) HIPAA Enforcement & penalties have recently increased dramatically.

Although HIPAA [1] was passed in 1996, the Office for Civil Rights (OCR) did not begin active enforcement until recent years. In March 2016, it increased its investigations (audits) and enforcement of HIPAA to historic levels. The OCR calls this expanded round of audits 'Phase 2'. [2]

2) The number and type of health care providers investigated are many.

As of February 2017, the OCR has investigated over 24,800 cases and has enforced "corrective measures in all cases where an investigation indicates noncompliance..." The most common types of entities required to take corrective action are: [3]

  • Private Practices

  • General Hospitals

  • Outpatient Facilities

  • Pharmacies

  • Health Plans

3) The penalties for violations can be severe.

Millions of dollars in settlement payments to the government have been reported for HIPAA violations. Many individual businesses' penalties exceeded $1 million, and some have gone as high as $5.5 million. The average settlement reached with violators was $1.4 million. [3] There are additional non-financial penalties that concern many providers even more. They include requirements to publicly announce breaches and to individually notify every patient whose protected health information (PHI) may have been exposed.

4) HIPAA and its enforcement are not likely to go away.

HIPAA regulations, audits, and penalties are not part of 'Obamacare' (the ACA). They come from an act passed in the 1990s, and there has been no indication that medical privacy regulations will be relaxed under this administration. After President Trump appointed Tom Price as head of HHS, HIPAA Journal reported, "...given the number of data breaches experienced by the healthcare industry in the past 12 months, it seems unlikely that OCR enforcement efforts will be scaled back." [5]

5) It's not just about HIPAA.

Even without HIPAA regulations, ransomware, trojans, viruses, malware, and hacking can ruin a business – and they are on the rise. Storing data that can be used for identity theft carries significant liability when reasonable safeguards are not in place to protect it. Further, your patients are your customers, and protecting customer information is crucial for your business to continue. The risk to your reputation, and to your basic ability to operate, needs to be addressed.

See also: Think You're HIPAA Compliant? Think Again...

Contact Us Today with Questions or to Schedule a Free Consultation

Call (832) 975-1825
[email protected]

Serving Houston and surrounding areas: Angleton, Bellaire, Brazoria, Clute, Danbury, Freeport, Jones Creek, Lake Jackson, Oyster Creek,
Pearland, Richwood, Rosharon, Sugar Land, Sweeny, West Columbia.
DSTech Solutions, LLC | 703 Avondale Street, Houston, TX 77006 | Hours: Mon-Fri 8am-5pm (24 hour Emergency Response for MSP clients) | 832-975-1825 | [email protected]

1. The Health Insurance Portability and Accountability Act (HIPAA) of 1996. The Office for Civil Rights (OCR), operating under the Department of Health and Human Services (HHS), is the enforcement body for HIPAA.
2. "OCR Launches Phase 2 of HIPAA Audit Program" HHS.gov
3. "Enforcement Highlights" HHS.gov
4. Department of Health & Human Services. HHS.gov
5. "Will HHS Secretary Tom Price Ease HIPAA Regulations?" hipaajournal.com