The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996; its Privacy and Security Rules now govern how covered entities and their business associates protect the confidentiality, integrity and availability of patient health information. Since then, HIPAA has become one of the most frequently violated laws in the healthcare industry.
There are many reasons why organizations fail to comply with HIPAA, but some of the most common are a poor understanding of the law, a lack of resources, and a lack of compliance training.
This article will provide an overview of the HIPAA law, common compliance failures, and ways to ensure compliance in your organization.
1) Poor access control for health documents
Many healthcare organizations fail to implement access controls that ensure only authorized individuals can view health documents. Each organization that does so leaves itself exposed to data breaches and, just as often, to insider misuse by staff who browse records they have no clinical reason to see.
While the healthcare industry has made some progress in recent years in securing health data, there is still much room for improvement. The Security Rule requires both access controls and audit controls for electronic PHI, so organizations need role-based access tied to a treatment relationship, an audit log of every record view, and a review process that actually reads that log.
According to HIPAA Journal “University of California Los Angeles Health System was fined $865,000 for failing to restrict access to medical records. The healthcare provider was investigated following the discovery that a physician had accessed the medical records of celebrities and other patients without authorization. Dr. Huping Zhou accessed the records of patients without authorization 323 times after learning that he would soon be dismissed. Dr. Zhou became the first healthcare employee to be jailed for a HIPAA violation and was sentenced to four months in federal prison.”
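The UCLA case above is the textbook insider pattern: a clinician whose role legitimately allows opening charts uses that access outside any treatment relationship, and nobody reviews the audit trail. The following is an added example, not code from the article, from UCLA Health or from any EHR product. It shows a minimal chart-access authorizer that records every decision, and a detector that reads that audit trail and flags users opening many charts they have no treatment relationship with. The roles, care-team table, log line format and thresholds are all constructed assumptions.

```python
"""Added example (not from the article): chart-access authorization with an
audit trail, plus detection of insider browsing over that trail.
Roles, care teams, the log format and the thresholds are assumptions."""
import re
from collections import defaultdict

# Constructed sample data: a role per user and a care team per patient.
ROLES = {"dr.lee": "physician", "nurse.kim": "nurse",
         "dr.zhou": "physician", "billing.ana": "billing"}
CARE_TEAM = {"patient-1001": {"dr.lee"},
             "patient-1002": {"dr.lee", "nurse.kim"},
             "patient-1003": {"nurse.kim"}}
CLINICAL_ROLES = {"physician", "nurse"}


def authorize_chart_view(user, patient_id, ts, audit_log):
    """Decide whether `user` may open a chart and append one audit line.

    Clinical staff may open any chart (an emergency must not be blocked), but
    the decision records whether a treatment relationship existed so the gap
    can be reviewed later. Non-clinical roles are refused outright.
    Returns (allowed, reason)."""
    role = ROLES.get(user, "unknown")
    if role not in CLINICAL_ROLES:
        allowed, reason = False, "denied-role"
    elif user in CARE_TEAM.get(patient_id, set()):
        allowed, reason = True, "care-team"
    else:
        allowed, reason = True, "no-relationship"
    audit_log.append(
        f"ts={ts} user={user} patient={patient_id} action=view reason={reason}")
    return allowed, reason


# Assumed audit line format produced by authorize_chart_view above.
LOG_RE = re.compile(r"ts=(?P<ts>\S+) user=(?P<user>\S+) patient=(?P<patient>\S+) "
                    r"action=\S+ reason=(?P<reason>\S+)")


def flag_suspicious_users(audit_lines, max_unrelated=2, max_denied=2):
    """Return {user: finding} for users whose trail shows more than
    `max_unrelated` distinct charts opened with no treatment relationship, or
    more than `max_denied` refused attempts. Thresholds are assumptions."""
    unrelated = defaultdict(set)
    denied = defaultdict(int)
    for line in audit_lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # malformed line; a real pipeline would alert on these too
        user, patient, reason = m.group("user"), m.group("patient"), m.group("reason")
        if reason == "no-relationship":
            unrelated[user].add(patient)
        elif reason.startswith("denied"):
            denied[user] += 1
    findings = {}
    for user, patients in unrelated.items():
        if len(patients) > max_unrelated:
            findings[user] = f"{len(patients)} charts opened with no treatment relationship"
    for user, n in denied.items():
        if n > max_denied:
            findings[user] = f"{n} refused chart requests"
    return findings


def run_demo():
    """Replay a constructed request sequence: routine care-team views, one
    physician browsing charts outside their care team, and a billing user
    repeatedly refused. Returns the detector's findings."""
    log = []
    requests = [
        ("dr.lee", "patient-1001"), ("nurse.kim", "patient-1002"),
        ("dr.zhou", "patient-1001"), ("dr.zhou", "patient-1002"),
        ("dr.zhou", "patient-1003"),
        ("billing.ana", "patient-1001"), ("billing.ana", "patient-1001"),
        ("billing.ana", "patient-1002"),
    ]
    for i, (user, patient) in enumerate(requests):
        authorize_chart_view(user, patient, f"2023-04-01T22:{i:02d}:00", log)
    return flag_suspicious_users(log)


if __name__ == "__main__":
    for user, why in run_demo().items():
        print(f"{user}: {why}")
```

The design choice worth noting is that the authorizer does not hard-deny a clinician without a treatment relationship, because blocking chart access during an emergency is its own patient-safety failure; instead it makes the gap visible in the log, and the detector turns a run of such views into a finding that someone must act on. The thresholds here are deliberately tiny so the demo trips them; a production rule would be tuned per role and per window.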
2) Failure to mitigate security risks
Another core HIPAA obligation is to identify and mitigate security risks. The Security Rule requires covered entities to conduct an accurate and thorough risk analysis of their electronic PHI and to implement security measures that reduce the identified risks to a reasonable level. An organization that skips or shelves this work is far more likely to be the target of a successful cyber attack, with the loss of sensitive data, reputational damage and costly financial losses that follow.
Organizations must take security risks seriously and take active, documented steps to mitigate them. Failure to do so puts the organization at risk of serious harm, and regulators treat a missing or stale risk analysis as a violation in its own right.
One of the largest settlements for this was Premera Blue Cross, a $6,850,000 settlement for risk analysis and risk management failures and other potential HIPAA violations.
3) Denying patients access to health information
Under the HIPAA Privacy Rule, patients have a right of access to the health information a covered entity holds about them, including their medical and billing records, test results and treatment notes. Covered entities must provide a copy, in the form and format the patient requests where readily producible, within 30 days of the request, with at most one 30-day extension, and may charge only a reasonable, cost-based fee.
Denying, delaying or overcharging for that access can have serious consequences for patients. Without their records, patients may make poor decisions about their care, struggle to obtain a second opinion, or be unable to correct errors that follow them from provider to provider.
Patients must be given timely access to their records so they can make informed decisions about their health. Withholding records does them a disservice and is one of the violations the Office for Civil Rights enforces most actively.
The biggest fine on record for this violation was Cignet Health of Prince George’s County – a $4,300,000 penalty for denying patients access to their medical records.
4) Failure to use encryption
In today’s world, encryption is a must-have for any organization that wants to protect its data. Yet, despite its importance, a significant number of organizations are not encrypting the PHI they store, particularly on laptops, phones and removable media. Under the Security Rule encryption is an “addressable” specification, which does not mean optional: an organization that chooses not to encrypt must document why and implement an equivalent alternative, and a lost or stolen device whose data was properly encrypted is generally not a reportable breach, whereas an unencrypted one is. Failure to use encryption results in heavy HIPAA fines, such as the Children’s Medical Center of Dallas case, a $3.2 million civil monetary penalty for failing to act on known risks, including the failure to encrypt portable devices.
5) Improper disclosure of health information
The improper disclosure of health information is a serious problem that can hurt the lives of those affected. It can lead to embarrassment, anxiety, and even depression. In some cases, it can even result in physical harm.
There are several ways that health information can be improperly disclosed. It can be as simple as someone accidentally leaving a medical file in a public place. It can also be deliberate, such as when a health care worker sells patient information to a third party.
Whatever the cause, the improper disclosure of health information is a serious issue for HIPAA compliance. A notable example was Parkview Health, which received an $800,000 penalty for failing to safeguard paper records containing PHI.
Recap
There are many reasons why organizations fail to comply with HIPAA. In this article, we highlighted five major reasons why organizations fail HIPAA compliance and discussed how costly each can be to a business. The best way to ensure compliance with HIPAA is to educate yourself on the law and to have a plan in place. Contact Oppos Cybersecurity Services to learn more about HIPAA compliance.