The U.S. Department of Health and Human Services website reports, “OCR Concludes 2018 with All-Time Record Year for HIPAA Enforcement.” Violations that were investigated and resulted in financial penalties included stolen laptops and USB drives that contained unencrypted ePHI, PHI left in an unlocked space, as well as allowing a former employee to continue to have access to scheduling software for a healthcare entity after employment for the individual was terminated. There are a number of other examples found in the summary listed on the HHS.gov website, but these are a few that seem possible in almost any healthcare practice lacking the right resources to get a handle on compliance.
Why has information security become such an issue in healthcare? Well, for starters, name an industry that is any more reliant on critical and sensitive data than healthcare. They are few and far between! It is a simple economic principal that anything that has value for one has potential value for others. The bottom line is that because the data is critical to the healthcare practice, if stolen it can be leveraged for substantial amounts of money. It is just that simple! Protecting the data is not so simple.
Unfortunately, as long as there are small private medical practices, there will always be an inequity between requirements and resources for protection of ePHI. Many medical practices feel that they must be self-reliant when it comes to compliance because there aren’t many affordable options that provide great value. This dynamic would be the equivalent of tasking the Business Manager of a 5-doctor practice with keeping up with all the changes and complexities of tax law! That is an unfair proposition for her! No one would put their practice at risk that way, yet so many take on just as much or more risk to their practice by trying to maintain HIPAA Compliance on their own.
In recognizing how difficult and costly it would be to continue to maintain compliance and minimize risk to my own business as a “Healthcare Business Associate”, I managed to find a great partner to simplify these requirements and responsibilities for me and my internal staff. This partner is a company comprised of former auditors who have simplified the compliance process for all of us. I could not believe that HIPAA Compliance could be this simple, and yet this group’s national track record is amazing. Best of all, their services are very affordable.
