Is being responsible for electronic medical records a daily source of trepidation for you or your business? While the sentiment is understandable, it often results from a lack of understanding about what HIPAA compliance actually means. As industry-wide penalties continue to rise every year, itβs essential to take a closer look at who is being fined, and why. Keep reading for more details on the most recent case.
As the largest fully integrated healthcare system in Illinois, Advocate Health Care Networkβs mismanagement of electronic medical records (EMR) came as quite a shock. Regardless of your feelings on such a sizable provider being unable to maintain secure EMRs, what canβt be argued is the precedent set by last monthβs $5.5-million settlement.
How exactly did it come to such a historic penalty? The answer is threefold. Firstly, Advocate failed to perform the risk assessments mandated by HIPAA regulations -- an oversight that could have potentially prevented the other two infractions. Secondly, Chicagoβs premier healthcare network failed to obtain proper written agreements with each of the business partners who had access to its data, which may have gone unnoticed if one of its associates had not been the subject of a security breach.
The final infraction, and arguably the most directly relevant to Advocateβs internal security policies, was the unsatisfactory safeguards in place on two stolen laptops with confidential medical information. While the breach of its business partnerβs network only put 2,000 EMRs at risk, the stolen computers had access to almost 4 million.
So, if youβre tired of vague platitudes about βpenalties for lax data complianceβ or the βliability risks of mediocre security,β this is your answer: inadequate preventative measures, unfit business partners, and poor internal security protocols can spell millions in damages. Unfortunately, this isnβt just an aberrant case -- the total punitive damages for HIPAA noncompliance in 2015 totaled $6.2 million; after just over eight months into 2016, they currently stand at $20.3 million.
Keep your companyβs name off the growing list of companies that didnβt have suitable systems in place when it mattered most. Our EMR management practices provide a full suite of care for your data records; from prevention to end-point security, your information is safe with us. Our proficiency in the healthcare IT industry spans a wide variety of experiences and know-how. Contact us today. Weβd love to tell you all about it.
Leave a comment!
You must be logged in to post a comment.