HIPAA Compliance in a World of High Security Risk


Information Technology, in general, is an industry rife with the potential for security breaches, hacks, and more. When it comes to healthcare data and information, the threat is even greater.

At a conference recently, our team attended a session on the dangers and risks associated with information technology in healthcare organizations. Stolen credit card numbers can sell on the black market for somewhere around 25 cents per record. But for healthcare data, the price can jump to hundreds or thousands, which makes it a much more valuable set of data and therefore a much bigger target.

https://www.forbes.com/sites/mariyayao/2017/04/14/your-electronic-medical-records-can-be-worth-1000-to-hackers/#90486950cf1f

HIPAA, the "Health Insurance Portability and Accountability Act", was created in 1996 to ensure that all protected health information was secured and restricted to healthcare providers and those authorized to view it, including the patients themselves. Prior to this law, there was no real requirement to secure this data and no real repercussions for failing to do so.

For patients, there are many advantages to having a law like HIPAA to protect their sensitive information. For example, the law ensures that covered entities like healthcare providers, health plans, health billing, and business associates of those entities must implement safeguards to protect this information, including who can see, access, and share this data. The law also makes it easier for patients to take their health into their own hands by allowing easier access to their own medical history using the proper request channels.

For healthcare organizations, there are benefits too. Because of HIPAA, technology has improved for managing, securing, and sharing sensitive patient information. Digital technology allows for more robust, yet cost-effective storage and transmission of data. The risk of exposure is greatly reduced (though never completely removed!) because there’s an industry-wide, well-established framework for the relevant information.

For organizations that do not appreciate the importance of HIPAA compliance, the results can be damaging – or even catastrophic! You can do a quick Internet search and find several examples of breaches at large healthcare companies. Many times, HHS assesses large fines, which can be quite financially painful. There is also the larger hit to reputation, which can last a lot longer than the fines themselves. Here are several examples of large fines that have been assessed in recent times:

https://www.beckershospitalreview.com/healthcare-information-technology/10-largest-hipaa-settlement-fines.html

While fines may not always be this large and high profile, the risk is there and very real for companies of all sizes.

The single best way to address the pitfalls of HIPAA violations would be to know the main triggers for violations and put safeguards in place to avoid issues before they happen. There are a few more triggers, but here is a list of the most common:

  • Failure to maintain valid authorization from an individual for information disclosure

  • Health data breaches – hacks, phishing, other non-permitted access

  • Refusal or failure to provide an individual with a copy of their personal records

  • Lack of adequate safeguards to protect information

  • Disclosure of more information than is necessary upon patient request

The good news is that with some investment, planning, and preparation, these risks can be reduced significantly. Pioneer Technology aligns our information technology services with the needs of HIPAA compliance. Our staff is fully trained on HIPAA and works daily to reduce the risk of audits, fines, and more. If you are not sure where you stand with information technology and HIPAA, we can perform audits of your current state and make in-depth recommendations for getting back into compliance, as well as for addressing overall security concerns. We know it can be a bit painful to invest in IT when there are so many other business priorities out there, but the investment now can prevent significant issues in the future. The ROI of significant fines from HIPAA non-compliance does not exist!

Let us know your thoughts. If you need assistance or would like to participate in a technology and risk assessment centered around HIPAA requirements, contact Pioneer Technology today!

-EB