HIPAA/ARRA Compliance Privacy Rules

Adhering to the HIPAA/ARRA Compliance Privacy Rules can be very expensive. There are two angels to whom organizations have expenses: (1) the costs incurred when organizations are not in compliance with the privacy rule and (2) the companies’ costs for managing administration, general expenses, and capital fees. When a covered entity is not in compliance with regulations and does not successfully resolve the violation in the specified time frame, the office of civil rights (OCR) may decide to impose civil money penalties (CMPs) on the covered entity. CMPs for HIPAA Privacy Rule violations can be determined based on a tiered civil penalty structure. The secretary of HHS is the final decision maker when determining the amount of the penalty; the decision is based on the nature and extent of the violation and the harm resulting from it. Penalty prices can range from $10,000 to $1.5 million per violation.
The costs to comply with the HIPAA are specific to each organization and are measured by type, size, culture, environment, and risk tolerance. With this in mind, costs involved have been divided into three general categories: Labor (Administrative), Expense, and Capital. Almost all of the privacy standards and 75 percent of the proposed security rule are administrative; therefore, many organizations identify Labor or Administrative as the most costly …show more content…
Expense budgets can be one-time expenses or recurring costs. To prepare readiness and implementation plans organizations may hire consultants, which would be classified as a one-time expense. Lawyers are sometimes necessary to write new contracts and to review policies and procedures to ensure the business is in compliance with the law. The money paid to the lawyers would also be considered a one-time expense. The last example of a one-time expense would be the hiring of or working with vendors that test network vulnerabilities and disaster recovery