Healthcare recordkeeping is moving full speed ahead and will soon be entirely paperless. Few hospitals and insurance offices still keep hard copies of patient files guarded behind lock and key. The shift to electronic health records (EHR) has brought many benefits: greater efficiency, wider access, and seamless communication between practitioners and provider networks. However, by moving information that was once exposed only to physical threats such as break-ins or fires into digital form, we open an entirely new realm of threats that must be mitigated. Faulty hardware, insufficient authentication, inadequate backups, and unintentional disclosures are now pervasive threats across all healthcare and service providers.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is U.S. legislation that provides data privacy and security provisions for safeguarding medical information. HIPAA applies to any entity that accepts healthcare insurance and any entity that provides healthcare services. The main purpose of HIPAA is to standardize the tracking and security of electronic healthcare transactions. HIPAA compliance requires organizations to implement safeguards that protect the confidentiality, integrity, and availability of electronic protected health information (ePHI).
What can happen to your organization if you fall short in complying with HIPAA? The repercussions could be catastrophic, with potential legal battles and regulatory fines. Additionally, the reputational damage of being found fraudulent or noncompliant could mean the end of your organization entirely. The penalties for HIPAA noncompliance are based on the perceived level of negligence and can range from $100 to $50,000 per individual violation, with a maximum penalty of $1.5 million per calendar year for violations. Violations can also result in jail time for the individuals responsible.