Please support Telehealth.org’s ability to deliver helpful news, opinions, and analyses by turning off your ad blocker.
If you, as a behavioral health professional, violate the Health Insurance Portability and Accountability Act (HIPAA), you must follow certain obligations and procedures to rectify the situation. Although the broader topic is covered in a previous Telehealth.org article, many of our CME & CE course participants want more detail. Below then, is a suggested list of steps for an average practitioner who wishes a quick response to the question, “What Happens if you violate HIPAA?” The information below is supplied with strong encouragement to seek advice from a qualified attorney before taking any other action:
- Report the Breach of HIPAA Privacy. When you realize a privacy violation has occurred, it’s your responsibility to report it to the appropriate individuals within your organization, typically a privacy officer or an administrative head. Prompt reporting of any breaches is a crucial part of HIPAA compliance as it initiates the internal process of investigation and mitigation. You will have 60 days to submit your report. If you are an independent practitioner, you are advised to seek the immediate help of an attorney. You might want to start with your malpractice carrier and the attorney that assists members of any association to which you belong.
- Conduct an Investigation. Following the breach report, you or your organization must conduct a thorough investigation. This investigation seeks to confirm whether a breach occurred, the circumstances surrounding it, and the type of information that was disclosed.
- Breach Notification. Under the HIPAA Breach Notification Rule, you, as a healthcare provider, are required to inform affected individuals if there’s been a breach of unsecured protected health…