Since the passage of the Health Insurance Portability and Accountability Act (HIPAA) in 1996, businesses that deal with medical records have been placed under increased scrutiny, which was only heightened by the addition of the Health Information Technology for Economic and Clinical Health Act (HITECH) in 2009. Businesses found in violation of HIPAA could be forced to pay fines ranging from $100 to $50,000 per violation, up to an annual maximum of $1.5 million.
With those figures in mind, forward-thinking businesses must act to ensure compliance with the law, especially in this difficult economic climate. But even with stringent regulations in place, many do not.
Recently, AHMC Healthcare, a six-hospital organization based in California, reported a HIPAA breach that affected 729,000 patients. An unencrypted laptop containing sensitive patient information was stolen from a facility, the company reported, and the thieves made off with patient names, Medicare data, medical diagnoses, and insurance and payment information. It’s safe to say those patients are not too happy with their healthcare provider or its security measures, and the incident underscores the need for a better solution.
AHMC Healthcare is not a unique case; healthcare providers around the country have experienced similar situations, through theft, hacking or employee error (for example, erroneously sending patient information via email). While it takes dedicated effort – and a financial investment – to make sure your company is HIPAA-compliant, the cost of non-compliance can be a lot higher.
With the use of electronic medical records (EMR) on the rise, healthcare companies need to protect their networks with security safeguards to prevent breaches that release sensitive information. But many companies may lack the technological expertise or experience needed. To address HIPAA mandates – and avoid hefty fines – companies typically require a skilled internal team to manage compliance, plus external IT resources and auditing staff. Lack of funding and resources to enact compliance protocols can put providers at risk since they are vulnerable to financial penalties if they don’t participate and subject to fines if their compliance system doesn’t pass random audits.
HIPAA does not provide an easy checklist of requirements that healthcare providers must meet in order to ensure HIPAA compliance. Rather, the act's vague terminology leaves many confused about whether or not they are compliant. This is where managed security providers come in, assuming control of network security and ensuring compliance with all aspects of the law. This allows healthcare companies to focus on their bread and butter while a team of experts keeps their networks – and the data that runs across them – safe.
Hostway HIPAA Essential meets all specifications of the law, as well as those relating to the HITECH Act. By implementing Hostway HIPAA Essential, business owners can rest assured that patients’ sensitive information is protected, avoiding costly fines and the ire of patients.