According to the HHS Office for Civil Rights, the recent theft of a laptop from a physician's car resulted in a $1.5 million settlement for “potential violations of the HIPAA Security Rule”. Note the word potential. In other words, no harm has to be done for a health care provider to suffer significant fines; only the potential for a data breach need be present.
Data breaches don't just damage your bank account. They also undermine the patient trust and professional reputation you've worked so hard to build, and that is far more difficult to repair.
It's imperative that covered entities (that's you, the healthcare provider) understand the HIPAA and HITECH rules and regulations. I'll share a resource with you at the end of this article.
There are several things you need to take a look at in your own practice…some are obvious and others not so. Clearly, this article cannot cover everything related to HIPAA and HITECH, but I hope it gives you something to think about and spurs you to learn more and take appropriate action to prevent data breaches.
One of the most important things that any health care provider and practice can do is to ensure training for themselves and their staff. As usual, people are often the weakest links in safeguarding protected health information (PHI).
You’ll want to take a look at training programs and policies and procedures for patient interaction and handling of data. Don’t forget to look at social media policies for your practice.
What else? What kind of passwords are you and your staff using? How often are they required to change them? Are they taped to the bottom of a keyboard or next to a monitor? Consider requiring a login on every application in your office that handles PHI, with a separate account for each staff member rather than one shared password, so that access to a record can be traced to a person.
Encryption is an important concept. Encrypted files cannot be read by anyone who does not hold the key, whether the files are sitting on a device or being transmitted somewhere. This is exactly why the stolen laptop above mattered: without encryption, whoever has the device has the records; with it, they have an unreadable blob. When we think about encryption, think about internet access, desktop computers and any other device that touches PHI, such as flash drives, disks, laptops, tablets and smartphones. One caveat: a login password on a laptop is not the same as an encrypted disk, and encryption only helps if the key is not stored alongside the data (a flash drive with its passphrase on a sticky note is not protected).
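To make the point concrete, here is an added example (not from the original article, and not any vendor's product) of what “encrypted files cannot be read without the key” means in practice, written in Go using only its standard library. It encrypts a constructed sample patient record with AES-256-GCM, then shows that the stored blob contains no readable PHI, that a wrong key yields an error rather than data, and that any tampering with the stored file is detected. The sample record and the function names are illustrative assumptions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Encrypt seals plaintext with AES-256-GCM under a 32-byte key.
// Output layout: 12-byte random nonce || ciphertext || 16-byte auth tag.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext+tag to the nonce so one blob holds everything needed to decrypt.
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt reverses Encrypt. A wrong key or any modification of the blob
// (even one flipped bit) fails GCM's tag check and returns an error instead
// of garbage, so a caller never acts on corrupted records.
func Decrypt(key, blob []byte) ([]byte, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("blob too short to contain nonce and tag")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// NewKey returns a fresh random 256-bit key. In a real deployment this key
// lives in a key manager or is derived from a strong passphrase; it is never
// stored on the same device as the encrypted data.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := io.ReadFull(rand.Reader, key)
	return key, err
}

// Demo walks through the lost-laptop scenario on a constructed record and
// returns true only if every expectation holds.
func Demo() bool {
	// Constructed sample PHI; not a real patient.
	record := []byte("MRN 000123 | DOE, JANE | DOB 1970-01-01 | Dx: hypertension")
	key, err := NewKey()
	if err != nil {
		return false
	}
	blob, err := Encrypt(key, record)
	if err != nil {
		return false
	}
	// 1. The stored blob does not contain the plaintext.
	if bytes.Contains(blob, []byte("DOE, JANE")) {
		return false
	}
	// 2. Only the key holder recovers the record.
	got, err := Decrypt(key, blob)
	if err != nil || !bytes.Equal(got, record) {
		return false
	}
	// 3. Whoever finds the device and tries another key gets an error, not data.
	wrong, _ := NewKey()
	if _, err := Decrypt(wrong, blob); err == nil {
		return false
	}
	// 4. Tampering with the stored file (flip one bit of the tag) is detected.
	tampered := append([]byte(nil), blob...)
	tampered[len(tampered)-1] ^= 0x01
	if _, err := Decrypt(key, tampered); err == nil {
		return false
	}
	return true
}

func main() {
	fmt.Println("all checks passed:", Demo())
}
```

The same primitive is what full-disk encryption products (BitLocker, FileVault, LUKS) apply to a whole laptop; what the example makes visible is that the entire protection rests on where the key is kept, which is why a key derived from a short login password, or written down near the device, undoes it.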
Don’t think that data protection is only about electronic media. You need to protect any paper records as well. Think about what happens in many natural disasters: paper can be spread for miles. Seriously consider scanning that paper, uploading it to a secure cloud storage solution (HIPAA compliant, of course, which means a vendor that will sign a business associate agreement with you) and then shredding the paper.
There is so much more to HIPAA and HITECH, but this should get you started thinking about data security to prevent data breaches.
Learn more about data security and data breaches from the HHS Office for Civil Rights.