Too many medical professionals think that they’re never going to be in violation of HIPAA. They dismiss warnings as “scare tactics” and assume companies are just looking to make a quick buck off them. But HIPAA violations happen ALL THE TIME, and the fines could range from $100 to $50,000 per violation. And if you haven’t done everything you can to stop the violation, you’ll be subject to mandatory fines of a minimum of $10,000.
Doing nothing is the surest way to get your New Jersey medical practice in hot water.
It may seem like you’re saving money by not worrying about HIPAA compliance, but it WILL cost you more in the long run. Take the time to ensure you’ve followed the rules of HIPAA and done everything in your power to prevent data breaches. You can avoid penalties by following these 7 tips:
The HIPAA security rules demand regular security risk assessments. Not only should you do this to comply with the rules, but it will help you immediately discover any vulnerabilities that could lead to a data breach. Once you know your weaknesses, it’s simple to start repairing them.
Go check out HealthIT.gov. There are plenty of helpful tools and guides on the practices you MUST follow to maintain the security of your data. Failing to implement all these safeguards not only leaves you open to big fines, it is wilfully inviting disaster. Remember: US healthcare organizations made up over 36% of all hacking targets in 2014! It’s not a matter of IF a cybercriminal will target you – it’s when.
One of the biggest causes of HIPAA violations is employees accidentally breaching confidentiality. Make sure you train ALL your employees in safe data access and transfer procedures, and audit the access permissions of every user on your network.
If you work with an associate who has access to your confidential data (say, your IT company), and they cause a data breach, YOU ARE ALSO LIABLE FOR THAT BREACH. The only way to ensure you won’t be held responsible for mistakes made by your business associates is to have them sign a BAA confirming they work as an independent contractor, not an agent of your practice.
Not only do the HIPAA rules require swift reactions to suspected breaches, but acting fast could actually prevent your data from being compromised. If you can show you didn’t act with wilful neglect, did everything in your power to prevent a data breach, and were able to correct the violation within 30 days, you may be able to avoid HIPAA penalties altogether. Corrective actions could include changing policies, disciplining employees, installing new safeguards, and implementing new training.
Even if you weren’t acting with neglect when a data breach occurred, failing to report the breach in a timely manner will be interpreted as wilful neglect. HIPAA rules state unauthorized use, access, or disclosure of unsecured PHI is always considered reportable UNLESS you can demonstrate the low probability of the data being compromised. It’s better to be safe and report the breach than end up wishing you had.
Your best defense against HIPAA claims is to document EVERY action you take when you suspect a data breach. When in doubt, write it down. You’re required to maintain documentation required by HIPAA for six years.
Don’t leave yourself vulnerable when staying compliant with HIPAA is simple. All it takes is planning ahead. Turn to eMDTec for help with all your New Jersey healthcare organization’s IT needs – HIPAA compliance, Meaningful Use, and more. Contact us at (800) 979- or firstname.lastname@example.org to learn more.