HIPAA Enforcement Under the Trump Administration


Conversations about the future of federal regulations such as HIPAA have been growing in the months since President Trump assumed office.

With executive orders calling for limits on existing regulations and a halt to the creation of new ones, health care professionals across the industry have been pondering the fate of the Health Insurance Portability and Accountability Act, or HIPAA.

The regulation has been in place since 1996, and since then HIPAA has undergone significant revisions and addendums.

HIPAA comprises a set of federal standards that outline the privacy and security measures that must be in place to safeguard health care data. The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is the overseeing body. Tom Price has been appointed the Secretary of HHS and Roger Severino was recently named the new Director of OCR.

But what is the current status of HIPAA enforcement under the Trump Administration?

HIPAA Enforcement Under Trump

Since the start of 2017, there have been over $11 million in HIPAA fines. These fines were levied against various players in the health care market for violations of the Privacy, Security, and Breach Notification requirements of the HIPAA regulation.

The fines are as follows:

That brings the fine total to $11,375,000 since the start of 2017 alone. Compare that to the $23.5 million levied in all of 2016 and the $6.2 million in all of 2015.

It’s yet to be determined whether the trend will continue, but so far HIPAA enforcement efforts have actually been more extensive under Trump than during the Obama Administration. With a 400% increase in fines between 2015 and 2016, this year is set to be the most expensive for HIPAA fines since the regulation was first enacted.

Political focus around HHS has been primarily centered on health insurance reform. Because of that, a massive shakeup through the rest of HHS does not seem likely.

HIPAA enforcement doesn’t seem to be going anywhere in the years ahead. That’s why it’s more important now than ever before to address your behavioral health practice’s compliance and protect yourself from this growing number of fines.

Pamela Smith-Noel
5 years ago

I LOVE the people at Compliancy Group, Marlene, but I can’t afford them.
Other ideas?

Marlene Maheu, Ph. D.
Reply to  Pamela Smith-Noel
5 years ago

Thank you for the question. In our Legal/Ethical Issues I: Rules, Regulations & Risk Management course (https://blog.telehealth.org/individual/201c/), you will find lots of ideas for how to develop your own compliance program. The thing is, you have to do it yourself.
When you pay a group to do this kind of work for you, it does involve a fee. It may be impractical for independent practitioners. Sharing such expenses can be one of the benefits of partnering with other colleagues to form a group practice. That may or may not be feasible for everyone, either. The do-it-yourself approach does remain as a viable one, albeit a bit time-intensive, but doable.
Buying HIPAA compliance kits from the national associations can also be a big help, and they are often in the $200-$300 range. They give you updated forms, etc.
