Real World HIPAA Violations: Why Your Practice is At Risk
by CompuTech City Admin Tuesday, 22 May 2018 CompuTech City Blog
Being audited is of great concern for medical practices throughout the U.S., and with good reason. Annual fines from audit violations can be upwards of $1.5 million. Currently, 16 Florida practices are under an active audit or have experienced a recent violation of HIPAA, including a surgical center in Fort Myers being investigated for a recent security breach that may have exposed protected health information for over 30,000 patients!
A lot of practices think, “Oh, the federal government doesn’t have time to go after my practice. I’m a small fish in a big pond.” Meanwhile, HIPAA audits are outsourced to third-party vendors who are responsible for conducting as many audits as they can. The more audits they conduct, the more money they make.
HIPAA VIOLATIONS HAPPEN EVERY DAY
But auditors are only a piece of the puzzle. Their job is to identify practices that are not compliant with HIPAA and aren’t protecting their patients’ information. Your patients look to you to take care of more than their health. You need to make sure you protect the information they entrust to you. Cybercriminals are known to target smaller organizations because they anticipate less security. Many of the recent HIPAA violations listed on the Office of Civil Rights website were caused by cybercrime. Here are a few examples:
1. An Orlando-based hospital was hacked, exposing 12,724 records.
2. A Jacksonville pharmacy had an email-related hacking incident that exposed 11,521 records.
3. A southeast Florida family practice EMR was hacked and exposed 500 patient records.
Hackers are becoming smarter and more elusive with their tactics. Just as much as you work to become more secure, criminals are working to find new ways to attack your practice.
TYPES OF HIPAA VIOLATIONS
HIPAA violations are not just unauthorized use of patient data or hackers cracking your security. The practices under investigation in Florida have a wide range of violations. Not only do you need to have your digital records secure, but you also need physical security within your office. Here are the most common types of violations that are found during audits:
1. Hacking/IT Incident - This type of incident occurs when your patients’ information is improperly accessed through your computers, network server, emails or EMR systems.
2. Theft/Loss of Property - Any time a computer, tablet, mobile device or even a USB drive is stolen and there is any protected health information stored on that device, that is a violation.
3. Improper Disposal - Make sure you understand where you are disposing of old computer equipment, hardware and software programs, and that you successfully clear any patient information that may be on those devices. Even a leased printer can create an improper disposal violation.
4. Unauthorized Access/Disclosure - HIPAA violations can occur when someone who is not permitted to have patient information is given access to it or is provided with information about that patient.
The risks of audits and violations are very real. It’s important to work with a managed IT provider who is knowledgeable about HIPAA and can help protect your practice. You need experts who can identify what you need and put a plan together to help you get it. Running a medical practice is enough for one person's plate. Managing your HIPAA compliance is something that a practice manager should not have to juggle.
YOUR PATIENTS TRUST YOU WITH MORE THAN THEIR HEALTH
CompuTech City is dedicated to providing secure and compliant IT services to the medical industry. We can help your practice get HIPAA compliant. Contact us at 407-745-1848 or online to take the first step in protecting your practice from audits.