Are Your HIPAA Compliance Efforts Healthy?
Let us address the (ahem …) hippo in the room. HIPAA compliance continues to be a challenge for small and midsized businesses.
HIPAA is an acronym for the Health Insurance Portability and Accountability Act, which sets specific rules and regulations around a patient’s health information.
Larger healthcare organizations – hospitals and insurance companies – have in-house information technology teams. Smaller businesses do not have the same depth of IT help on hand. Yet they must abide by the same rules.
Risking a HIPAA violation can be costly. Fines reach up to $50,000 US dollars per occurrence.
Common violations include:
- Keeping records unsecured. WellPoint did not secure an online health database and paid $1.7 million.
- Not encrypting data. The Massachusetts Eye and Ear Infirmary did not encrypt physicians’ laptops, which led to a $1.5 million fine.
- Loss or theft of devices containing personal health information (PHI). A pediatric practice in Massachusetts lost a flash drive and settled for a $150,000 fine.
- Failing to train employees in HIPAA compliance. A Walgreens in Indiana breached a single patient’s privacy and paid her $1.44 million.
- Disposing of records incorrectly. Affinity Health Plan paid $1.2 million after failing to erase the photocopier drives before returning them to the leasing company.
- Releasing information without authorization. Phoenix Cardiac Surgery posted a patient’s appointment on an online calendar. They paid $100,000.
- Disclosing PHI to third parties who do not have access rights. A medical practice in Phoenix sent patient data over insecure email. They had to pay $100,000.
Tips for HIPAA Compliance
Be aware of HIPAA requirements. Smaller businesses can have a tougher time staying updated on technology and guidelines. But that does not make them any less accountable for understanding HIPAA compliance. It is important to do research and get educated or partner with an IT provider with expertise to prevent violations.
Embrace encryption. If your business deals with any confidential information, encryption and firewalls are necessary. Prevent outside traffic from accessing your systems. Ensure that anyone without authorization cannot read restricted-access data. If there is a breach, or a lost or stolen device, the HIPAA fines are smaller if you use encryption.
Protect all your endpoints. Secure all mobile devices that have access to patient data. With mobile device management, for instance, you can lock down and wipe lost or stolen devices.
Err on the side of caution. Employees gossiping over coffee in a dentist’s office could share patient information. Someone might be sending an email with unencrypted data. A health announcement with recipient names may be visible. All these are HIPAA violations. Humans will make mistakes, but it is less likely if you educate about regulations and the importance of being careful.
Get a HIPAA Check-Up
HIPAA has been around since 1996. In 2005, regulators got more serious about electronic versions of PHI. Yet there are still some businesses out there with only a vague idea of what it means to be compliant.
Heavy hitters in healthcare already know HIPAA is a high priority. You should too. If you have not had an inspection yet, that does not mean you will not. A $50,000 HIPAA fine could make a difference in your business staying afloat another year.
HIPAA compliance is critical for many organizations. Set policies and procedures. Put in place security awareness training. Start using encryption and assess for risks.
Be proactive with your IT management. By working with IT experts, you can stay on top of HIPAA and remain compliant. A managed services provider (MSP) can assess risk, identify improvement areas, and propose new tech.
Call Honorbound IT at 877-686-6642 to get your technology and access management policies in healthy shape.