The feds are serious about enforcing the HIPAA Privacy rule. When physicians and health care professionals use mobile devices, they trigger HIPAA and can expose their organization to deep trouble and heavy fines unless they are careful.
For example, Becker’s Health IT & CIO Review chronicles 15 of the most expensive “settlements” (fines, really) imposed on health care organizations for patient health record data breaches during the past few years.
One-third involved storage devices
Five of the 15 involved lost or stolen storage devices with unprotected personal health information. Stanford Hospital & Clinics in California led the unfortunate group by compromising more than a million patient records as a result of the theft of two unencrypted laptops.
Stanford paid $3 million for that breach–exacerbating another fine of $4 million after investigators found 20,000 patient records posted on line. The other 4 instances similarly involved thefts of laptops and hard drives, costing each organization an average of $1.5 million.
Perhaps the most embarrassing and unfortunate breach was one New York health insurance agency, which had to fork over $1.2 million. They returned their leased photocopy machines but forgot to wipe the health record data for over 344,000 individuals stored in the copy machine memory.
What the HIPAA Security rule requires
Yes, the HIPAA Security Rule permits health care providers to store information and communicate electronically with their patients. However, health care professionals must, according to the HIPAA Security Rule, apply “appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information,” to wit:
Administrative protocols include:
Physical protection includes:
Technical safeguards include:
So mobile storage devices, unlike full cabinets of paper records, are particularly vulnerable to loss and theft. Under HIPAA, health care managers are accountable for what their employees do, even away from the workplace. When breaches happen, they can compromise millions of records and cost the organization millions of dollars.
Want to stay ahead of HIPAA?
eMDTec is the trusted choice when it comes to staying on top of HIPAA compliance. Also for the latest information and technology tips, tricks, and news in New Jersey, contact us at (800) 979- or send us an email at email@example.com for more information.
155 Pompton Ave. STE 107
Verona, NJ 07044-2935
Phone: (800) 979-2879
Support: (973) 450- 8002
Fax: (973) 239-2425