Did you know most HIPAA breaches are the result of human error, far outpacing HIPAA incidents caused by failures in IT security? This is one of many reasons why it’s important for medical practices to review HIPAA security within their practice.
Today under HIPAA Security Rules, medical practices are required to review and update their HIPAA Risk Analysis and Risk Mitigation Plan at least once a year or more (if warranted by changes in your practice such as opening a new location or relocating). These assessments are important because while most medical practices do their best to protect patient information, mistakes can happen—and they do all the time.
Recently, I read a news release about a HIPAA violation of a medical record storage and disposal company. Although the company closed its doors during the HIPAA investigation, they could not escape obligations under the law. Following the investigation, the company was found responsible for disclosing the protected health information (PHI) of 2,150 individuals by carelessly leaving medical records in an unlocked garbage container. The violation resulted in a hefty $100,000 monetary settlement.
There are two key takeaways here: (1.) a review of the company’s HIPAA security processes could’ve easily identified and prevented this gap in security (2.) costly penalties and consequences for HIPAA violations don’t stop when a business closes. Your medical practice is and always will be responsible for protecting patient information, even if it closes or you someday decide to retire.
How can a HIPAA Security Assessment help your practice? Part of a proper HIPAA Security Risk Analysis is a full inventory of all patient information you have in your practice, so you know what information you have and what you are responsible to protect. HIPAA Assessments also help improve HIPAA security awareness in your medical office and empower the entire staff to identify risks, as well as take appropriate precautions and corrective actions.
As a sole practitioner who runs my own practice, I understand that HIPAA security standards can be overwhelming. If it’s time for your practice to complete your HIPAA Security Assessment for 2018 and better protect patient data in your office, TLD Systems can help. We specialize in assisting ambulatory practices in keeping their risk analysis and risk mitigation plans up to date. For more information visit http://www.tldsystems.com or call (631) 403-6687.