Despite HIPAA Risks, Many Health Care Organizations Still Not in Compliance
In a recent press release, the federal Office for Civil Rights (OCR) announced it concluded 2018 with a record of $28.7 million from the settlement of 10 cases and the winning of a judgment in another regarding HIPAA compliance violations. The amount was 22% greater than its previous high of $23.5 million in 2016.
These numbers reflect a few things. First, HIPAA is now fully enforced and the government is no longer using kid gloves in calling out infractions. Second, once OCR starts an investigation, Pandora’s Box is opened. Third, fines are increasing every year.
Despite the overwhelming risks, many health care organizations are still not complying with many basic HIPAA tenets. The list of offenses OCR found, and fined for, this past year include the unintentional breach of electronic protected health information (PHI) visible from organizations’ websites, lack of business associate agreements, stolen laptops,
employees falling for phishing attacks, and former employees gaining access to data.
It is time for your practice to get its HIPAA house in order. Eliminate vulnerabilities by taking proactive steps and enlisting best practices. Contact HIPAAcraticRx for expert guidance.