A recent HIPAA violation has reinforced the need for health care organizations to focus on creating and keeping records efficiently for easy access; most do not create the records in the first place! Where they have not, the tendency has been to neglect their responsibilities for enforcing security compliance measures under the HIPAA and HITECH regulations, at times not knowing what to do or how to go about it. Only when a charge is received do they wake up to the fact. And in the case of Cignet, additional penalties were levied for not cooperating with the investigative agency! As per the report, Cignet Health of Prince George’s County, Md., has been charged a whopping $4.3 million as a civil money penalty (CMP) for denying 41 patients access to their medical records. Further, it was alleged that Cignet willfully assumed a non-cooperative stance, as it did not furnish the records when demanded by the Office for Civil Rights (OCR). Why and how did this happen? The law provides exceptions for not sharing the information. The organization had no such defenses to take recourse under the exceptions! If a set of policies and procedures had been in place, perhaps it would have been much easier for them, at least to have reduced the penalty, not 4.5 Million USD.
With such incidents and reports of severe penalties, the security compliance situation among healthcare organizations has become quite a talking point. Yet it is startling to see that, despite the imposition of the HIPAA and HITECH rules, there seems to be no change in the callous attitude of some health organizations. Conversely, there are some who religiously try to follow the compliance regulations but fail to deliver the desired output. This could be due to a lack of visibility when assessing the organization's security requirements, leading to the adoption of inadequate strategies and solutions. Many a time, organizations become victims of security breaches because they are unable to purchase new infrastructure that could help them remain compliant with new and updated regulations. Most of them face massive pressure as they struggle to cope with revised and updated regulations while trying to maintain control over their budgets.
It does not matter whether the cause of the damage is intentional or accidental, but the repercussions can matter a great deal to any healthcare organization. It is difficult to recover from the penalties, and it is an uphill task to rebuild years of reputation that can be washed away instantly by just one unfortunate accident. SecureGRC SB is an ideal solution that helps all medical organizations stay compliant not only with HIPAA/HITECH requirements but also with other compliance regulations such as PCI Compliance, SOX and ISO 27002. Its unique approach to settling all security issues and tackling all data breach possibilities is laudable. It is a web-based solution that delivers services on the cloud. It deploys a monitoring system that continuously captures real-time information and reports status regularly through the front dashboard.
This solution does not entail the purchase of any new infrastructure and thus saves organizations from the worry of investing in new hardware. SecureGRC SB provides optimum healthcare compliance assistance because it is affordable, and thanks to its automatic updating capabilities, organizations can modify their existing practices according to the revised regulations. It also facilitates tracking and monitoring the activities of business associates by providing the best HITECH Compliance management solutions. Though negligence and callousness are unforgivable where a patient’s confidentiality is concerned, the automated SecureGRC SB can help eliminate the possibility of such occurrences and provide a safer and more secure medical environment for patients and providers.