Why a HIPAA Penalty Could Cost You Your Business
Customer protection in the medical field involves HIPAA and HITECH regulations for all healthcare-related companies and their subcontractors, which require the digital protection of customer data (ePHI) in databases, across all means of communication, and wherever the data is stored.
ePHI, or electronic Protected Health Information, is the data that the government and the medical industry deem most important. ePHI often includes health insurance numbers, private patient data, social security numbers, credit card numbers, and any other Personally Identifiable Information.
Only in the past few years have businesses become more aware of the threats that present themselves across the internet and, inevitably, of how those threats can cost them the business they have worked so hard to build.
The US Department of Health & Human Services is the branch that monitors and imposes fines and penalties on businesses that fail to follow HIPAA and HITECH requirements. What most people fail to understand is that it is usually not the data breach or the major hack that ruins the company (and its reputation); it is the severe HIPAA penalty that bankrupts the business.
So far, 43 separate breaches have occurred in just the first three months of 2016 in the United States alone. Among these data breaches, the HIPAA “Resolution” penalties doled out by the Department of Health & Human Services have amassed more than $5.5 million. In two specific cases, the penalties rose above $1 million and $3 million respectively.
The most recent HIPAA penalty came against the Feinstein Institute for Medical Research for multiple HIPAA violations, which resulted in a $3.9 million fine. The Feinstein Institute for Medical Research will now also be required to undergo a series of corrective actions to help meet HIPAA compliance requirements.
What Can You Do?
Now that we know that violating HIPAA requirements can potentially cost you the entire business, here are a few steps you can take to remain HIPAA compliant.
- Any company that handles medical records is considered a “Business Associate”. All Business Associates need to sign what is called a Business Associate Agreement (BAA). Click here to see an example BAA and learn more.
- Use a HIPAA compliant email solution to ensure that all sent, stored, and received emails are protected at all times.
- Train (and then re-train) your medical staff on all updated HIPAA procedures on a regular basis.
- Read over the entire HIPAA Security Rule here to make sure you are abiding by all HIPAA and HITECH standards.