There are no civil penalties for HIPAA.
$100 per client.
$100 per day per violation
$100 per client per violation, with a maximum fine of $25,000 per client per year.
Suspension of license or certificate to practice.
Fines up to $50,000 and up to one year in prison.
Fines up to $15,000 and up to two years in prison.
I must keep record of this for six years.
I must give the patient a full accountin upon proper request.
There is no such thing as a non-authorized request.
A and B
Within 30 days of the original authorization.
By telephone/fax request.
Under no circumstances once authorization is given.
If the requested action has not already been taken.
Any and all employees who misused any PHI.
The primary medical professional(s).
The primary medical professional, but he/she can fine the employee who misused any PHI.
Providers should disclose or use only the minimum necessary amount of PHI in order to perform their job.
Providers should use minimum necessary precautions.
Providers should use minimum number of employees as possible when handling charts in order to protect PHI.
It cannot be changed.
It can only be changed if I have reserved this right in my notice.
It must be updated annually.