Medical Electronic Records Compliance
Our award-winning legal team is highly-experienced and well-versed in a wide array of litigation in the healthcare industry. Taking an industry-centered approach across a wide range of transactional, regulatory, and litigation issues, we ensure that all of our clients meet federally-mandated compliance goals and navigate through government investigations.
Charges of willful neglect of your patients’ electronic records can become problematic to both you and your organization, negatively affecting everyone involved.
We assist our clients in handling government investigations, and our award-winning legal team advises them on how to maintain federal compliance.
If you are currently under investigation for the willful neglect of your patients’ electronic records or if you are being audited for negligence, you must call us now.
What is “HIPAA?”
Signed by President Clinton in 1996, The Health Insurance Portability and Accountability Act, or HIPAA, provides security provisions and data provisions for safeguarding medical information.[1]
HIPAA was created solely to modernize and establish a national and ethical standard for the flow of healthcare information, and works in conjunction with the HITECH Act to protect medical information. Any non-compliance to these laws work against these safeguards, which is why the federal government has now begun to penalize offenders under these pretenses.
Entities found guilty of violating the HIPAA may face fines of up to $1,500,000, or imprisonment for up to 10 years for criminal cases.[2]
Call for a Confidential Consultation
What is “HITECH?”
On February 17, 2009, President Barack Obama signed The Health Information Technology for Economic and Clinical Health Act (HITECH).[3]
The HITECH Act was created in anticipation of the expansion in the exchange of electronic protected health information (ePHI) between hospitals, healthcare companies, doctors, and other entities that collect and store ePHI for the primary benefit of reducing healthcare costs by sharing. HITECH broadens the scope of security and privacy protections available by HIPAA by increasing the possible legal liability for non-compliance.
Whether you commit this offense intentionally or involuntarily, the willful neglect of electronic records is a serious crime that can lead to massive fines and even imprisonment. Therefore, it’s important to learn how to maintain your compliance under the HITECH Act to avoid accruing a damaging punishment.
What is the “Willful Neglect of Electronic Records”?
As the legal term suggests, the “willful neglect of electronic records” is generally determined on a case-by-case basis. This is primarily because the word “willful” insinuates that the violator knowingly participated in the crime. In the broadest sense, the “willful neglect of electronic records” involves the act of lacking the necessary security and privacy documentation to present to federal agencies during an investigation.
You can be charged with willful neglect due to lack of education on how to comply with the HITECH Act. You can also violate this offense by simply sharing your patients’ electronic health records with a “business associate” without making sure that this entity will protect that data.
In the past, HITECH compliance has not been widely-discussed nor readily enforced since HIPAA in 1996; however, the federal government has started to enforce this rule more rigorously through auditing entities that are suspected of “willful neglect” and have reportedly breached ePHI data.
The HITECH Act requires mandatory and immediate penalties for the willful neglect of electronic records. Hence, if you have been audited for this offense, it’s imperative that you seek an experienced law firm to help you deal with your case.
What are the Penalties for “Willful Neglect” of a Patient’s Health Records?
The willful neglect of electronic records is a serious legal offense. There is a wide variety of punishments stemming from this offense, ranging in four separate tiers:
- Tier A includes penalties in which the offender didn’t realize they violated the HIPAA and would have complied with the Act if they would have known otherwise. The resulting penalty is a $100 fine for each violation, with the total fine amount exceeding no more than $25,000 in a calendar year.
- Tier B includes penalties for offenders who violated the HIPAA due to reasonable cause, but not willful neglect. The resulting penalty is a $1,000 fine for each violation, with the total fine amount exceeding no more than $100,000 in a calendar year.
- Tier C includes penalties for offenders of willful neglect that the violator eventually corrected. The resulting penalty is a $10,000 fine for each violation, with the total fine amount exceeding no more than $250,000 in a calendar year.
- Tier D includes the penalties for offenders of willful neglect that the violator did not correct. The resulting penalty is a $50,000 fine for each violation, with the total fine amount exceeding no more than $1,500,000 in a calendar year.
Additionally, the HITECH Act also allows state attorney generals to seek fees and levy fines from covered entities on behalf of the victims, meaning courts can now award costs.
It is evident that there is an enormous price to pay if you are audited for the willful neglect of electronic records. There are many actions you can take to avoid these fines, and we are more than happy to help you get started with our complete line of resources in healthcare litigation.
Can I Be Charged With “Willful Neglect” For Someone Else’s Mistake?
The short answer to this question is yes – you can. If you share your patients’ electronic health records with a “business associate” that doesn’t comply with the HIPAA, you may be subjected to liability for willful neglect. Therefore, you and whoever you send your patients’ electronic records to, have a joint responsibility to protect these records under the compliance of the HIPAA.
To maintain your compliance under this law, you should obtain an assurance that the person or entity you’re sending this information to will protect the data. If this isn’t done, you may be held liable for willful neglect.
Who is in Charge of Willful Neglect Investigations?
The U.S. Department of Health and Human Services (HHS) has set a standard for investigating cases of willful neglect and punishing violators of the HIPAA.
According to the US Department of Health and Human Services Office for Civil Rights, 91,000 complaints of HIPAA violations were reported between April 2003 and January 2013; however, only 521 complaints were referred to the U.S. Department of Justice (DOJ) for criminal persecution.
Being that only a small number of HIPAA complaints were reported to the DOJ, the HHS is typically in charge of willful neglect investigations.
Call for a Confidential Consultation
How Can I Defend Myself Against Charges of Willful Neglect?
The willful neglect of electronic records is an offense that is punishable whether you are aware of your compliance or lack thereof; however, more substantial fines are given to entities that do not correct their non-compliance or are willingly indifferent towards both the HIPAA and the HITECH Act.
For this reason, prosecutors can prove your guilt by merely judging if you have the necessary privacy and security documentation. To help determine if you willingly and knowingly committed the offense, prosecutors may conduct an internal investigation into your organization.
To properly defend yourself from these charges, it’s important to seek the professional help of an experienced HITECH compliance attorney.
Willful Neglect of Electronic Records in the News
Article: Healthcare Company Fined $4.3 Million for HIPAA Privacy Rules Violations.
Charge: HIPAA Violation
Allegations: Denying Patients Access to Their Medical Records
In 2010, a healthcare company, Cignet Health, was fined $4.3 million for violating the HIPAA by refusing to give their patients access to their medical records.
According to the HHS press release, the company violated the rights of 41 patients by denying them access to their medical records.
The HIPAA Privacy Rule requires that a covered entity provide a patient with their medical records within 30 days (and no later than 60) of the patient’s request.
To learn more about this case, click this link, or copy the URL below:
https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/examples/cignet-health/index.html
Looking for a HIPAA Compliance Attorney? – Call Us Now
Being charged with willful neglect of electronic records is a serious crime that can lead to a wide range of severe implications, including massive fines and criminal charges.
That is why you need an experienced HIPAA compliance attorney.
Our expert team of attorneys understand the broad field of healthcare litigation and can help you make sense of the charges brought against you. During your investigation, our team will accompany you every step of the way to ensure that your rights aren’t violated and keep you thoroughly informed throughout the process.
Our mission is to make sure that you possess a legitimate defense during your investigation.
Over the years, we have built strong expertise to successfully defend anyone charged with the willful neglect of electronic records.
We have represented hundreds of industry and corporate clients, doctors, pharmacists, administrators, clinics, hospitals, and other healthcare industry professionals in the face of federal agencies.
We are confident in our chances to build your defense, despite the charges brought against you by the federal government.
If you or a someone you know has been charged with the willful neglect of electronic records, please call our attorneys for a free legal consultation.
[2] The maximum fine for a HIPAA violation is $1,500,000 according to the HITECH Act.