HIPAA Made Simple (Part II)

Series: HIPAA in Simple Terms
part 2 – A look Ahead to 2015

There are many government agencies that have ‘fingers’ in a dental practice. Of the multitude of agencies most are reactionary and only respond to identified concerns (i.e. reported violations). However, this trend of passive, reactionary enforcement is changing.

In many states the x-ray inspectors proactively inspect x-ray machines. State Medicaid agencies and their contracted carriers or Managed Care Organizations proactively audit/ monitor for fraud, waste and abuse by beneficiaries and providers. There is a new kid on the block known as the Health and Human Services (HHS) Office for Civil Rights (OCR) who, by federal mandate known as the Final Omnibus Rule, is required to proactively audit Covered Entities and their Business Associates for compliance with HIPAA regulations.

Beginning in 2015 OCR will conduct another round of audits. Before we talk about what lies ahead let us review what we learning from the most recent round of audits they conducted in 2013. First, of the about 89% percent of Covered Entities and Business Associates had one or more violations.

In 2015 OCR plans to audit 232 Covered Entities, which could be physicians, dentists, hospitals, Skilled Nursing Facilities or other providers. Additionally, 35 I.T. organizations, as Business Associates, will be audited. Now considering there are hundreds of thousands of providers as Covered Entities and hundreds of I.T. organizations as Business Associates the odds of getting audited are remote at best.

HOWEVER, while the odds are slim that you may be selected for an OCR audit the consequences for being in violation of HIPAA regulations are astounding. The Final Omnibus Rule spells out a tiered fine structure. Fines for mistakes range from $100 to $50,000. Fines for corrected ‘willful misconduct’ range from $10,000 to $50,000. The highest fine tier for uncorrected willful misconduct is at least $50,000. These are per violation fine amounts. Each day of a repeated violation constitutes a separate violation. Additionally, each episode constitutes a separate violation.

Historically smaller Covered Entities benefited from their size. Today the gloves are off and Uncle Sam doesn’t care if you are a small business owner. The government’s motto is “do the crime, do the time!” The feds are not interested in seeing Covered Entities ‘do time’ as in prison. Nope, that would be too easy! Today ‘doing time’ is about paying fines as penance; time is money, but money is time. No one is served by your ‘time’, but the public coffers benefit when you slave to pay your fines and penalties.

While no Covered Entity or Business Associate anywhere is completely in compliance with all of HIPAA (or other government regulations) a diligent effort is necessary to minimize adversity to any dental practice (or other Covered Entity) or Business Associate.

My suggestion? Put forth a good effort and be able to demonstrate that effort. You know my mantra – “If it is not written, it did not happen!”


Imagine being compelled to ‘tattle’ on yourself to avoid criminal prosecution related to HIPAA violations. We’ll talk through such a scenario. I imagine it will be easy to convince you to make HIPAA compliance a (sustained) high priority for your practice.

Dental Compliance Specialists, LLC is the Premier Dental Health Compliance and Quality Assurance provider in the country. We help Dentists develop and maintain compliance programs with the goal of keeping them out of the regulatory limelight. We have in-office and virtual programs all catered to the Provider’s specific needs. Dental Healthcare Compliance includes: DEA, ICE/Homeland Security, OIG, OSHA, HIPAA, Infection Control, Auditing and Monitoring, Record Auditing, employee training, Radiology Compliance, Medicaid Compliance and more…It’s not just about OSHA anymore!