It is incredibly important that required entities establish HIPAA compliant processes. A healthcare network just agreed to pay $5.55 million in penalties for violations of the Health Insurance Portability and Accountability Act (HIPAA) involving electronic protected health information (ePHI).
“We hope this settlement sends a strong message to covered entities that they must engage in a comprehensive risk analysis and risk management to ensure that individuals’ ePHI is secure,” said OCR Director Jocelyn Samuels. “This includes implementing physical, technical, and administrative security measures sufficient to reduce the risks to ePHI in all physical locations and on all portable devices to a reasonable and appropriate level.”
And why should you care – what does it mean to be HIPAA compliant?
The government agency that enforces the HIPAA regulations, the Office for Civil Rights (OCR), is cracking down hard on “covered entities” which might include some of your own clients and prospects.
Advocates’ ePHI breached information included demographic information, clinical information, health insurance information, patient names, addresses, credit card numbers and their expiration dates, and dates of birth.
Some of the specific HIPAA failures included:
- conduct an accurate and thorough assessment (managed services updated scanning) of the potential risks and vulnerabilities to all of its ePHI;
- implement policies and procedures and facility access controls to limit physical access (biometric or encryption or personalized passwords) to the electronic information systems housed within a large data support center;
- obtain satisfactory assurances in the form of a written business associate contract that its business associate (this could be an accountant, a lawyer, or IT company) would appropriately safeguard all ePHI in its possession;and
- reasonably safeguard (passwords for example) an unencrypted laptop that was stolen when left in an unlocked vehicle overnight.
Learn more about INC Tech’s HIPAA Compliant Solutions