A major topic in the healthcare industry is the increasing focus on enforcement of HIPAA law and the matter of scale. Let’s look at how a Tennessee hospice serves as an example of making the news even when just a few records are compromised:
This article looks at major HIPAA breaches last year and how your organization can avoid serving as an example of “what not to do” by the federal government. Note that some of these organizations were not directly responsible, as was true of a hospital in Fort Worth, Texas, that trusted the wrong shredding service with its files.
You have to make sure that no electronic medical records (EMR) are lost or stolen, or otherwise made available to unauthorized third parties. Per Bendix in his August Medical Economics report, mobile computing generally represents the most significant risk for providers because it’s simple for a thief to grab a portable device and abscond with the patient data. That applies to laptops just as it does to thumb drives: the vulnerable characteristic is that they are “easily picked up and carried,” says Tennant of the MGMA-ACMPE.
“Knowing what’s in the pipeline, I suspect that that number will be low compared to what’s coming up.” – Department of Health & Human Services OCR Counsel Jerome B. Meites, referring to the $10 million collected in HIPAA settlements from June 2013 to June 2014