The Health Insurance Portability and Accountability Act (HIPAA)
of 1996 mandated significant changes in the legal and regulatory
environments governing the provision of health benefits, the delivery
and payment of healthcare services, and the security and confidentiality
of individually identifiable, protected health information. The
law is composed of two major legislative actions: provisions for
health insurance reform and requirements for administrative processes.
Complying with all aspects of HIPAA has required providers
and all entities within the healthcare industry (including clinical
research) to meet certain standards in information systems,
operations policies and procedures, and business practices.
Failure to comply with the electronic data, security or privacy
standards can result in civil monetary penalties up to $25,000 per
violation per year. Violation of the privacy regulations for commercial
or malicious purposes can result in criminal penalties of $50,000
to $250,000 in fines and one to ten years of imprisonment. The Civil
Rights Division of the DHHS is charged with enforcement and is recognized
as a stringent “enforcer.” Providers who fail to comply
also run the risk of violating public trust, which can have a profound
impact on public relations.
For more information: http://www.ucsf.edu/hipaa
All housestaff are expected to read and complete the provider module
on the UCSF HIPAA website; individual departments monitor compliance
with this requirement.