“Pediatricians in office practices who believe they don’t need to worry about privacy and security investigations related to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) had better think again.
HIPAA enforcement has begun exposing all covered entities (e.g., physician offices, clinics, hospitals, etc.) to civil and criminal penalties if proper administrative, technological and physical controls to protect privacy and security are not followed.
Private practices are the most common type of covered entities that have been required to take corrective action to achieve voluntary HIPAA compliance. Other covered entities in order of frequency are general hospitals, outpatient facilities, pharmacies and health plans (group health plans and health insurance issuers).”
Author: AAP News