HIPAA And The Cost Of Non-Compliance

January 20, 2020

If you are a healthcare provider or manage a medical facility of any size, you are probably familiar with HIPAA Privacy Rules. You may also be familiar with the consequences of non-compliance.

In fact, HIPAA fines added up to $28.7 million in 2018 alone.

So, what are the basic HIPAA policies and procedures, and how do you avoid fines? We provide an overview to help with your HIPAA compliance management.

What is HIPAA Compliance?

HIPAA stands for Health Insurance Portability and Accountability Act. The goal of HIPAA is to shield Protected Health Information (PHI).

Along with hard-copy records, healthcare providers must also comply with the HIPAA Security Rules regarding digital health records (ePHI), which are stored on servers or transferred via inter-office/network systems, email, or through a website.

Who Must Be HIPAA Compliant?

HIPAA rules apply to all medical facilities and providers. An updated HIPAA Omnibus Rule was added to address changes in the way healthcare services are now delivered. The Omnibus Rule includes Business Associates and secondary individuals/businesses that store or transmit medical records.

  • Healthcare providers – Hospitals, doctors, clinics, psychologists, dentists, chiropractors, nursing homes, pharmacies & health plans
  • Health insurance companies – HMOs, company health plans & government health plans
  • Health Care Clearinghouses (Business Associates) – Companies that process healthcare data from one entity to another

The rules also apply to businesses that supply services to medical facilities, such as subcontractors, consultants, storage companies, accountants, lawyers, administrators, IT personnel, and anyone who might have access to PHI or ePHI.

What is Protected Health Information?

As we mentioned, the “Privacy Rule” is designed to protect individually identifiable health information, or PHI.

PHI includes:

  • Names
  • Birth, death or treatment dates
  • Contact information
  • Social Security numbers
  • Medical record numbers
  • Photographs
  • Finger or voiceprints
  • Other unique identifiers
  • Past, present and future medical records

The only exclusion applies to employee health records that a covered entity maintains.

What Are HIPAA Policies and Procedures?

There are three aspects to the HIPAA Security Rules.

Technical safeguards:

  • Implement access control
  • Create protocols for authenticating ePHI
  • Implement encryption and decryption protocols
  • Create activity logs & audit controls
  • Facilitate automatic logoff controls

Physical safeguards:

  • Implement access controls
  • Establish policies for the use of workstations
  • Establish policies for mobile devices
  • Maintain an inventory of hardware

Administrative safeguards:

  • Conduct risk assessments
  • Create risk management policies
  • Provide employee training
  • Develop & test contingency plans
  • Restrict third-party access
  • Establish guidelines for reporting incidents

In all cases, you must obtain written permission from patients in order to share private health information.

Penalties for Non-Compliance

Non-compliance is a serious business. Let any area slip and you could face fines and possible legal action. Ignorance of the law will not count as an excuse, either.

HIPAA fines and penalties:

  • Violation related to ignorance = $100 - $50,000
  • Violation despite reasonable vigilance = $1,000 - $50,000
  • Violation due to willful neglect = $10,000 - $50,000
  • Violation due to willful neglect where there is no correction within 30 days = $50,000

Fines are imposed per violation category and are based on the number of records that were exposed, the risk related to the exposure, and the level of negligence.

Compliance Solutions For Businesses

Keeping track of HIPAA policies and procedures can be difficult for many entities. Compliance doesn’t stop with HIPAA rules, either. There are many laws and regulations to meet, from employment laws and safety measures to tax filings.

The consequences of non-compliance can be steep. You don’t have to face these issues alone, however. Alura can help with a range of compliance management services. Be sure to also read our blog for additional resources and information that is critical to your operations.