If your practice is using, storing or transmitting patients’ protected health information (“PHI”), you must be certain that the PHI is properly protected, staff members are well trained on appropriate procedures and your written policies and procedures are current.
The Health and Human Services Office for Civil Rights issued its Final Rule, effective September 23, 2013: PHI must be encrypted. Health care providers and entities will face devastating penalties, civil liability and reputational harm if there are breaches.
Don’t let a devastating event like this destroy your practice:
An unencrypted laptop was stolen from an employee’s car. The University of California San Francisco Medical Center (“UCSF”) laptop contained 3,541 patients’ PHI, including names, medical record numbers, and social security numbers. A description of the data breach can be found here.
HHS Office for Civil Rights Director Leon Rodriguez said the Final Rule “marks [the] most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented….” “[T]hese changes not only greatly enhance a patient’s privacy rights and protections, but also strengthen the ability of my office to vigorously enforce the HIPAA privacy and security protections, regardless of whether the information is being held by a health plan, a health care provider, or one of their business associates.” “Penalties are increased [to] a maximum penalty of $1.5 million per violation.” Press Release.
Today, healthcare providers must maintain patient PHI. Data breaches of this magnitude can result in criminal prosecution, as well as civil liability and disastrous penalties. Don’t let it happen to you.