Page 5 - Your Practice Compliance
Audits are conducted by HHS to identify HIPAA violations and violators. Once a violation is identified, HHS determines a
sanction for the covered entity, business associate, and/or any subcontractor responsible for the noncompliance. An entity can
be sanctioned for multiple violations, with fines accumulating up to a maximum dollar amount and/or a requirement to correct
the violation(s).
A summary of violation categories and their associated fines and penalties:

Violation Category                                        Fine Amount              Penalty/Disposition
A.  Failure to Comply                                     $100 – $25,000           Per individual, each day
B.  Wrongful Disclosure – Identifiable Health Information $50,000 – $250,000       1–10 yr. imprisonment; 30 days to correct violation
C.1 Willful Neglect – Corrected                           $10,000 – $50,000        30 days to correct violation
C.2 Willful Neglect – Not Corrected                       $50,000 – $1,…00.00
Risk Analysis Management
Risk Analysis
The HHS Security Rule requires covered entities, business associates, and their subcontractors to "Conduct an accurate
and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of
electronic protected health information held by the covered entity or business associate." A risk analysis is also required
as part of Meaningful Use and under the HIPAA Security Rule and its implementing regulations.
To use a medical analogy, a HIPAA security risk analysis is only as good as its diagnosis. An improper diagnosis leads
your practice into a treatment plan that addresses the wrong problem, which in this case means failing to actually become HIPAA
compliant.
The risk analysis process is designed to accomplish two things:
1. Identify an organization's potential security risks to ePHI
2. Determine the likelihood and potential impact of those risks
Copyright 2015: All rights reserved: Medbill Compliance Group, Inc Page 4