With the healthcare industry moving towards digitalization, electronic health records, even in protected formats, are becoming increasingly attractive to cyber criminals. Not a day goes by without news articles about hospitals or medical practitioners paying millions of dollars in penalties after public exposure of protected health information. According to Forrester, while a single health record sells for $20 on the black market, a complete patient dossier including a driver’s license, health insurance information, and other sensitive data can sell for $500.
Physicians who have had their Drug Enforcement Administration (DEA) number compromised, or who have faced government investigations, will understand the need for measures that protect the electronic health information of their patients and avoid HIPAA penalties in 2015. Further, as an after-effect of the changes introduced by the HIPAA Omnibus Rule, the HHS Office for Civil Rights has taken measures to scrutinise medical practitioners who fail to follow its directive to ensure the privacy of patient data. Physicians also need to understand that, depending on the nature of the violation, penalties may range from $100 to $50,000 per violation, and that where a violation results from “wilful neglect”, the practitioners or business associates involved will have to pay penalties of $10,000 to $50,000 per violation.
Healthcare professionals need to be very careful about the ways they handle their patients’ data. Even the loss of a physician’s personal laptop containing PHI may lead to numerous violations, and professionals who face such circumstances will be subject to penalties for failing to implement protective measures for EHR. Covered entities are also required to report such breaches to the affected parties as well as to HHS.
While HIPAA imposes regulations and restrictions on medical practitioners, it also offers covered entities various ways to avoid HIPAA penalties. If a breach of protected health information is not an act of “wilful neglect” and the covered entity takes corrective measures within a period of one month, there is a chance that it may avoid HIPAA penalties. Further, to mitigate liability under the HIPAA rules and avoid penalties arising from breaches of EHR, physicians need to conduct regular security risk assessments and implement administrative and technical safeguards. Executing business associate agreements, giving employees effective training and monitoring their performance, and documenting all of these actions will also help covered entities avoid HIPAA penalties. In the event of a breach, it is important to respond immediately to any suspected incident and to report it in a timely manner; otherwise the delay may itself be construed as wilful neglect.
Integrating technological innovations may make 2015 a dynamic year for the healthcare industry. Nevertheless, physicians also need to take adequate steps to maintain practice revenues and comply with HIPAA regulations. Aegify is a continuous security monitoring and compliance management solution built on a framework approach that allows physicians, covered entities and business associates to gain control and improve compliance across a number of regulations, including HIPAA & HITECH and other country-specific ones. Its built-in vulnerability scanning technology is a simple and effective way of monitoring security posture and Meaningful Use-approved HIPAA compliance levels, with professional results.