2017 was quite the tumultuous year for the healthcare industry. According to the current figures, over fourteen million people were affected by data breaches last year, largely due to noncompliance with the HIPAA security rules and regulations.
While the overall number of data breaches has decreased considerably since 2015, the number of breaches affecting more than 10,000 people has jumped. In 2017, over 78 healthcare data breaches took place, each of which compromised more than 10,000 health records.
$5.5 Million Fine for Failure to Terminate Database Access Rights of an Ex-Employee
Memorial Healthcare System (MHS) paid a staggering $5.5 million fine to the United States Department of Health and Human Services for violating the HIPAA privacy and security rules. The non-profit organization, which operates six full-care hospitals, one urgent care center, a number of ancillary healthcare facilities, and one nursing home throughout the South Florida region, failed to terminate a former employee’s access to protected health information. This HIPAA violation enabled the former employee to access the MHS database and compromise sensitive information on over 80,000 individuals over the course of a year.
By not restricting and terminating a former employee’s right to access confidential information, MHS exposed its patients to a privacy breach.
$4 Million Fine for Overlooking Breach Risks
Metro Community Provider Network (MCPN), a federally qualified healthcare center, provides primary healthcare, dental care, and behavioral healthcare services, among others, to the residents of Denver, Colorado. Due to the lack of proper electronic security, a hacker was able to gain access to private health records and steal the sensitive information of over 3,200 individuals. For this lack of compliance with HIPAA rules, and for inadequate risk assessment and protection against vulnerabilities, MCPN was fined $4 million.
$3.2 Million Fine for the Lack of Timely Action against Security Risks
Children’s Medical Center of Dallas suffered two separate security breaches in which unencrypted digital devices were stolen and the sensitive data of over seven thousand patients was compromised. Furthermore, the organization failed to report the incidents or request a hearing in the matter in a timely manner. As a result, Children’s Medical Center of Dallas had to pay $3.3 million in settlement for not implementing adequate risk management programs as required by HIPAA rules and regulations.
$2.5 Million Fine for Noncompliance with HIPAA Rules
Pennsylvania-based CardioNet, a mobile monitoring solution provider for patients at risk of cardiac conditions, paid $2.5 million in settlement fees for a HIPAA violation after an unencrypted laptop was stolen, exposing the medical information of almost two thousand patients. No risk management policy or procedure complying with HIPAA rules was in place at the time of the theft, resulting in a fine for noncompliance.
Prevention and Protection Against HIPAA Enforcement Actions
The Health Insurance Portability and Accountability Act of 1996, or HIPAA, is a strict US law that mandates the privacy and protection of sensitive healthcare information belonging to patients receiving medical treatment across the country.
HIPAA sets an exacting standard for all healthcare providers and organizations to protect the confidential patient data they collect and handle on their networks. HIPAA compliance entails not only physical protection against possible breaches, but also technical policies and safeguards, including network and transmission security, to ensure data protection.
Healthcare organizations, contractors, subcontractors, business associates, or anyone with access to sensitive patient information must comply with HIPAA rules to avoid strict enforcement actions taken against them.
The only way for an organization to ensure that it is not in violation is to learn and understand the HIPAA rules and security regulations thoroughly. Therefore, it is highly recommended that organizations enroll their employees in specialized HIPAA online training programs so that they develop a full understanding of HIPAA compliance requirements. Organizations should also give their employees access to a broad spectrum of online training libraries with plenty of compliance-related content to help them stay up to date with recent developments. This will also ensure that the workforce meets the necessary requirements at all times.
Enrolling employees in a HIPAA online course will allow organizations to avoid hefty non-compliance fines or settlement fees for charges brought against them under HIPAA.