HIPAA Compliance in Chicago

The Health Insurance Portability and Accountability Act (HIPAA) was signed into law in 1996. In recent years, attacks and breaches of Electronic Protected Health Information (ePHI) have been on the rise and in the news. The number of complaints rose steadily from 6,500 in 2004 to just under 13,000 in 2013.

Our security team specializes in helping SMB and Mid-Market healthcare organizations assess and manage risk according to HIPAA requirements. We can help your organization reduce the risk of a security breach.



Risk Assessments

In response to this trend, in 2011 the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) established a formal audit program in addition to its online complaint portal. This has allowed the OCR to streamline its audit efforts on a wider scale. The first phase of audits took place during 2011 and 2012 and involved 115 covered entities. The second phase started in the fall of 2014 and will run through 2016.

This more robust audit program has a goal of securing healthcare organizations via risk assessments.

Equilibrium is well versed in the HIPAA-required risk assessment approach. The HIPAA Security Rule requires that organizations implement security controls that are "reasonable and appropriate" in order to protect the organization's ePHI. Organizations must first select their set of controls based on the outcome of a risk assessment. Then, as part of their security program, they must practice ongoing risk management to oversee that the controls are operating effectively.

Now is a great time to review your HIPAA compliance to get a step ahead of the Office of Civil Rights' audit program.


Evolving Enforcement

HIPAA was modified by the Health Information Technology for Economic and Clinical Health Act (HITECH) in 2009, and more recently by the HIPAA Omnibus Rule in 2013.


HITECH contains specific incentives designed to accelerate the adoption of electronic health record (EHR) systems among providers. It also imposes data breach notification requirements for unauthorized uses and disclosures of "unsecured PHI."

HIPAA Omnibus Rule

The HIPAA Omnibus Rule made many changes, including these two:

  • Created an increased and tiered civil money penalty structure for security breaches
  • Made business associates of covered entities and their subcontractors directly liable for compliance with certain HIPAA Privacy and Security Rule requirements


Consequences and Fines

About 66% of HIPAA violation investigations end up requiring corrective action such as fines. The violations that make the news typically involve a settlement between $250,000 and $4,000,000. Since 2009, civil penalties have ranged widely, from $100 to $50,000 per instance.

Criminal penalties result from willful violation and/or intent to sell information. These fines range from $50K to $250K, along with 1 to 10 years of prison time.


Free Resources

EQ Blog: Ultimate Guide to the HIPAA Security Rule

EQ Blog: Learn about HITRUST for Healthcare in Chicago

EQ Blog: Upgrade your HIPAA Risk Assessment in Chicago

EQ Whitepaper: HIPAA Compliance

All proactive measures with your HIPAA compliance start with a risk assessment. Equilibrium's security practice can help.

Don't wait another minute. Contact Equilibrium to get your HIPAA compliance questions answered.

