The following excerpt is from an article found on The Business Journals. It was written by Mike Sabitov.
The latest data breach of Premera Blue Cross, exposing the medical data and financial information of 11 million customers, offers the industry a solemn reminder that it simply isn’t doing enough to protect patient data from known security threats.
If a business has any contact with electronic health records or medical information, Health Insurance Portability and Accountability Act (HIPAA) compliance and patient data security should be a prime concern. That’s because government regulations mandated by HIPAA states that the all protected health information must be strictly protected — and any breach of such information must be reported immediately.
Due to new HIPAA rules, the mishandling of health information now can be audited, fined or slapped with civil or criminal charges.
Five Reasons HIPAA-Compliance Should Be Top of Mind:
The HITECH Act and HIPAA Omnibus Rule have increased civil penalties for non-compliance substantially. The penalty cap for HIPAA violations has increased from $25,000 per year to $1.5 million per year per violation.
The HIPAA Omnibus Rule expands the definition of a breach and the consequences of failure to address it properly, which will increase the number of HIPAA violations determined to be breaches.
All covered entities must have documented policies and procedures regarding HIPAA compliance. Recently, a dermatology practice in Concord, Mass., learned this lesson the hard way, getting slapped with a $150,000 fine for allowing the health information of just 2,200 individuals to be compromised via a stolen thumb drive. The company also had to incur the cost of implementing a corrective action plan to address privacy, security and breach notification rules.
Read the Full Article
