If you’re a healthcare IT professional, you’ve probably heard about HIPAA requirements for keeping a patient’s protected health information (PHI) private. However, are you aware of the common reasons why HIPAA guidelines are violated? Federal authorities can fine an organization as much as $50,000 per HIPAA violation and up to $1.5 million per year in fines. That’s why it’s so important to take steps to comply with HIPAA, especially making sure your IT practices and infrastructure comply and are up to date.
Here are the top five ways healthcare companies break HIPAA guidelines:
1. Failure to perform an organization-wide audit or risk analysis. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires all healthcare companies to be HIPAA compliant. An organization should carefully evaluate the potential for a privacy breach, and then review, document, and implement security measures to protect personal information. This risk analysis should be an ongoing procedure, not something a company does only once.
2. Personal information isn’t encrypted on portable devices such as laptops, smartphones, and other devices that hold PHI. This can result in large fines and bad publicity when a device with PHI is lost or stolen. It’s important to make sure your organization’s devices are protected with passwords and encryption to keep patient information secure.
3. Disclosing protected health information. This can happen if a laptop or device with PHI is lost or stolen from the office or a vehicle, or while traveling with PHI. An organization’s computer network might also be accessed by a hacker looking for personal information.
4. Careless handling of information. Working from home and accessing patient information on a computer does not by itself break a HIPAA rule. However, if you walk away from the computer while information is visible to others, or you don’t lock your computer’s screen, that increases the chances of an unauthorized person seeing PHI.
5. Not reporting a disclosure of unsecured protected health information. HIPAA rules require a very strict and specific procedure you must follow after a privacy breach. Depending on the situation, you may need to inform the individuals whose information was released, the U.S. Department of Health & Human Services, and the media. Penalties for violations can run to thousands of dollars.
One of the most important steps your company can take to avoid the situations described above is to ensure your IT processes are up to date. You may need to partner with a HIPAA-compliant IT consulting company such as Global Data Systems (GDS), which is based in Massachusetts.
GDS provides IT consulting for healthcare companies, along with computer services, business information technology support, and information systems services across the New England area. You can call GDS at (888) 849-6818 Monday to Friday, from 9 a.m. to 5 p.m. ET, or email info@GDSConnect.com. To learn more about GDS and its services, visit www.GDSConnect.com.
Searching For A New Information Technology Company For Your Medical Organization?
GDS works with Local Hospitals, Covered Entities and Business Associates Across the United States.
Connect with GDS for your complimentary IT costs analysis and technology consultation.
Note: GDS is one of the top IT companies in New England, and we will never spam you. Your information is safe with us.