Health care IT security has been lackluster of late, to say the least, as countless breaches of patient data have taken place in a relatively short period of time with no signs of a changing tide rolling in soon. This is one of the many reasons why regulators and law enforcement officials have started to come down hard on hospitals and other medical firms that are not doing everything in their power to maintain compliance and protect information from the grasp of hackers and other threats.
Although the cost of breach has reached millions of dollars, the fines associated with Health Information Portability and Accountability Act noncompliance can also be enormous, with an annual maximum of $1.5 million. When hospitals are struck by a data breach, fines can often occur as a result, providing the clearest sign that they are not following the guidelines of regulatory compliance closely enough to make a difference in their security programs.
Healthcare IT News recently reported that one Massachusetts-based health care system has been fined more than $200,000 by the U.S. Department of Health and Human Services’ Office of Civil Rights. Interestingly, this development was actually the product of an investigation that began three years ago, when complaints regarding the use of insecure and noncompliant data storage systems were believed to have put patients in harm’s way.
According to the news provider, the OCR has thus far fined medical firms more than $26 million for noncompliance since beginning to have a say in these matters, and the largest penalty came in the form of a $4.8 million settlement. This should make it clear that not maintaining compliance with HIPAA, as well as other relevant standards such as the Health Information Technology for Economic and Clinical Health Act, can come with grave consequences.
“Organizations must pay particular attention to HIPAA’s requirements when using Internet-based document sharing applications,” the source asserted, citing a statement by OCR director Jocelyn Samuel in the wake of the penalty’s finalization. “In order to reduce potential risks and vulnerabilities, all workforce members must follow all policies and procedures, and entities must ensure that incidents are reported and mitigated in a timely manner.”
Preemptive work needed
Simply put, heath care providers will continue to suffer from a financial standpoint should they not begin to take more proactive steps toward protecting their patient data. Considering the massive economic damages of identity theft and data breach that have plagued the U.S. and other nations of late, these types of struggles and setbacks will only continue to intensify as time goes on, with government agencies getting more involved in oversight and investigations.
With secure cloud, email encryption and other helpful solutions provided by a seasoned and trustworthy vendor, medical firms can begin to turn the tides on hackers and avoid the heavy penalties that would otherwise accompany noncompliance with laws or victimization in a data breach event.