Privacy and confidentiality of patient records was a major concern for the healthcare industry until the mid-1990s. That changed with the introduction of the Health Insurance Portability and Accountability Act (HIPAA) in 1996. The act, which makes it mandatory for every healthcare player to maintain records electronically, also requires every healthcare practice to set up certain technical, physical and administrative safeguards for electronic patient data, including the creation of an Emergency Mode Operation Plan, a Disaster Recovery Plan and a Data Backup Plan.
However, experts believe the act is not up to the mark, because its security rules do not make it mandatory for healthcare players to adhere to the standards it sets forth. These concerns were addressed when Congress passed the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009, which implemented stricter penalties for HIPAA violations.
What Does that Mean to You?
Under this latest piece of legislation, you will have to shell out a hefty price for a HIPAA violation. Civil penalties for willful negligence can cost you up to $250,000, with repeat or uncorrected violations resulting in an additional $1.5 million. Criminal penalties range from a minimum of $50,000 in fines and one year in jail to a maximum of $250,000 in fines and a 10-year prison term. Besides paying fines, non-compliant organizations also suffer negative publicity and legal penalties.
For instance, a couple of years back, an unencrypted USB hard drive containing critical patient information was stolen from a DHSS employee’s car. Suspecting a leak of critical information, officials from the Office for Civil Rights (OCR) conducted a thorough review of the incident and discovered that DHSS had failed miserably to meet numerous HIPAA requirements. It had neither carried out a risk analysis nor implemented appropriate security measures. Furthermore, it had failed to provide appropriate security training to its employees. As a consequence, DHSS had to shell out $1.7 million.
The Way Out
Much of this risk can be mitigated by outsourcing the task to a third-party service provider. Such providers use state-of-the-art managed security tools together with the best available security and compliance resources to satisfy your compliance requirements. They carry out an information security audit and a compliance gap assessment, and deliver the other services required for HIPAA compliance, including remediation, business continuity and security program management. Not just that! They also provide the much-needed workforce training on security issues, tailored to your organization, and offer periodic updates on emerging technology and security risks.
If complying with HIPAA regulations is a big headache for you, it’s time to outsource the job to experts.