Does your company work with health information in any capacity? If it does, be advised: HIPAA violations are real, and they can cost you and your business big money.
The most recent company to find itself in the crosshairs of the Department of Health and Human Services is the Feinstein Institute, a non-profit biomedical research concern sponsored by Northwell Health, Inc. In this instance, a laptop containing PHI (Protected Health Information) for more than thirteen thousand patients was stolen.
An investigation into the matter concluded that Feinstein’s policies and procedures were inadequate to meet HIPAA guidelines, and a staggering $3.9 million fine was levied against the group. This fine, and others like it in recent months, send the unmistakable message to everyone who handles protected health information that the government takes HIPAA compliance very seriously, and you should too.
Issues like these are bound to grow more common. Increasingly, the lines are blurring between the medical community and the tech world. Doctors are quickly moving to adopt cloud-based apps that make it possible to seamlessly share information with one another in order to facilitate improved coordination of care, and the early results are promising. Such moves are reliably improving health care outcomes, but they are also bringing tech firms into contact with an aspect of data security they may not have had to contend with before now.
HIPAA requirements are more stringent than the current industry standards most of the tech world is accustomed to dealing with. The regulations on proper data handling cover everything from establishing protocols to ensure physical security (as in the case of the laptop) to technological barriers that limit access, log each individual who accesses the data, and track what specific data was accessed. If those standards are not met or exceeded, the result could be ruinous fines.
Forewarned is forearmed. If you are new to the realities of HIPAA regulation, seek the advice of a qualified technology expert with the background to give you proper guidance. Doing so before you wade too deeply into those waters could save you enormously, and ease your transition into this new area.