There are no consequences for not being compliant unless your organization suffers a breach and loses PHI records. The consequences of breaches can be severe. Organizations face steep fines from the Department of Health and Human Services’ Office for Civil Rights. In 2016 alone, HIPAA settlements reached more than $23 million. Specific fines are based on the number of patient records involved in the violation and how severe the neglect is found to be. For example, if you’re in violation of a rule but didn’t realize it, your fine may be lower than if it’s found that you knew you were in violation of a rule and didn’t do anything about it.
Of course, the impact of non-compliance goes beyond financial measures. The loss of patient trust can have devastating effects on an organization’s future. If violations can be linked to specific employees, jail time might even be involved.