As many are aware, patient privacy and data security have taken the limelight over the past two decades. It started with HIPAA in 1996, continued with the HITECH Act in 2009, and culminated in the 'final' HIPAA law, the Omnibus Rule, enacted in March 2013. For many practices, these rules and regulations are a paradigm shift in how they need to operate. While many practices have taken some of the steps necessary to reach compliance, such as having written policies and procedures, few are even close to being fully compliant. The reason is that many practices are unaware of the newer requirements they must follow, but ignorance is no excuse, not anymore.
For patients, it's a time to be mindful of who manages your data and how it's managed. For health practitioners, it's a time for action and ownership of patient security!
As of January 2018, over 70% of the offices audited for HIPAA security were found not to be in HIPAA compliance, with nearly 90% of all at-fault offices being non-compliant on multiple issues (HHS). These statistics are staggering to say the least, but they are even more staggering when you consider that these were only the audited offices, which are not a proper reflection of all office faults across the country. In reality, the percentage of offices that are not HIPAA compliant could be much higher, especially when focusing on the more 'trivial' violations and technicalities that the Department of Health and Human Services (HHS) has historically overlooked. HIPAA violations are also very, very expensive. Penalties for noncompliance correlate with the level of negligence and can range from $5,000 to $50,000 per violation (or per record), with a maximum penalty of $1.5 million per year. That's enough to put most practices under. If that's not enough, some violations can also carry criminal charges that can result in jail time. These fines increase with the number of patients affected and the degree of neglect.
Want to learn more about how to be compliant?
Download our free HIPAA Guide!