It is very likely.
Breaches are becoming more prevalent and affect practices of all types and sizes. And even if your practice doesn’t experience a breach, you may still be fined by the Office for Civil Rights (OCR) for HIPAA violations.
Recently, an oncology practice in Indiana paid $750,000 to settle potential HIPAA violations with the OCR.
The OCR was made aware of the potential breach when an employee’s computer and backup data were stolen from the employee’s car. The data was unencrypted and contained unsecured protected health information (PHI).
The thief got away with names, addresses, dates of birth, Social Security numbers, insurance data and clinical information of 55,000 patients and former patients.
Why was the oncology practice fined?
The fine resulted not only from the stolen data but also from the practice’s failure to comply with HIPAA.
The practice had not safeguarded its patient information and had not conducted a risk assessment. The policies and procedures in place were inadequate and did not account for employees taking ePHI out of the office.
In its settlement agreement, the practice has agreed to adopt a corrective action plan, starting with performing a required HIPAA risk assessment.
The U.S. Department of Health & Human Services (HHS) stated this year that it wants to work more closely with software developers to update them on HIPAA.
How can you make sure this doesn’t happen to you?
Be proactive. You can’t guarantee that your practice won’t face a breach, but you can put protections in place to decrease your chances of a breach.
We help our clients perform a risk assessment, put adequate policies and procedures into place, and train their employees.
Not only will taking the proper steps better protect your practice, it will also help you to be compliant with HIPAA and mitigate potential fines from the OCR.
Do you need help staying current and compliant with the latest laws, rules and regulations? We can help. To contact us about your practice’s HIPAA risk assessment, employee training, or about your other legal needs: CLICK HERE.
P.S. If you or your patients are interested in consumer healthcare issues, check out myhealthspin.com.