It’s a valid question to ask, and one that many medical facility administrators may be in the dark about. If a practice manager were found to be directly at fault for allowing certain data to go unsecured, or for allowing a device such as a smartphone or laptop to come into the possession of someone unauthorized and opportunistic – then yes, that medical practice manager could be at risk of losing their job due to a cyber breach, the consequent HIPAA violation, and the resulting fines.
That said, it’s fair to say that anyone in the chain of command surrounding a hospital or medical facility’s IT network could be at risk.
But first, let’s examine some of the HIPAA compliance guidelines, provisions, and statistics that weigh upon the actions of medical practice management when it comes to the safe storage of patient data.
HIPAA Enforcement Trends in 2017
Since the start of 2017 alone, HIPAA enforcement trends have indicated that this could be the costliest year for fines in HIPAA’s 21-year history.
HIPAA, as a regulation, is managed by the Department of Health and Human Services (HHS). HHS designs and enacts policy and guidance about emerging trends in health care IT, patient privacy, and data security. The Office for Civil Rights (OCR) is the HHS body responsible for HIPAA enforcement and investigation.
HIPAA Fines by Year
OCR has been cracking down on HIPAA enforcement significantly in the past few years.
Compare these eye-opening HIPAA fine totals by year:
So far, in the first six months of 2017 alone, fines have increased by almost 300% over 2015’s fine total. And if the trend continues, 2017 is very likely to outpace 2016’s record-breaking $23 million as well.
Every healthcare facility in America needs to be watching these statistical trends closely and doing whatever it can to avoid being added to the list of those fined by the OCR.
Why the Increase in HIPAA Enforcement?
When OCR begins a HIPAA investigation for a violation or breach, it can take 3-4 years to reach a settlement with the healthcare organization under investigation.
Back in 2013, HHS released its Omnibus Rule. The Omnibus Rule made it mandatory for HIPAA business associates to be compliant with HIPAA regulation. To wit: a covered entity (CE) is a healthcare provider, and a business associate (BA) is a vendor hired by that provider.
In the past year, many of the multi-million-dollar fines levied by OCR have been the direct result of BA non-compliance. If a covered entity shares health care information with a BA without first executing a business associate agreement, the sharing of that data is considered a violation of HIPAA and is subject to significant fines.
Important Note: In cases where OCR detects “willful neglect” of HIPAA regulation, fines can reach up to $50,000 per incident.
With HIPAA enforcement trending toward stricter and more severe financial penalties for improper dealings with BAs, it’s no wonder fines have been steadily increasing year after year.
Now that some of the major OCR investigations involving BA non-compliance have started reaching settlement, behavioral health providers need to ensure that their relationships with their vendors are lawful under the HIPAA Omnibus Rule.
In short, don’t be lazy and skip drawing up those BA agreements (BAAs). Make it a habit and a routine part of your working life, because it doesn’t look like HIPAA enforcement is going away anytime soon.
How to Keep Your Job as a Medical Practice Manager
Aside from the policies governing how practice managers deal with business associates, another critical component of keeping OCR and compliance violations from your door is hiring top-level IT support specialists like us to help you efficiently and safely store your patients’ medical data.
Safe storage of that data, also known as Electronic Protected Health Information (EPHI), has become as much of a paramount concern to hospital administrators as patient care itself.
Many healthcare providers – from small doctors’ offices on up to huge hospital facilities – live in constant fear of an OCR investigation and possible HIPAA violation and fines.
But you don’t have to live in fear, thanks to our diligent and economical IT services for medical practices.
Colorado Computer Support helps healthcare organizations and medical practice managers in Colorado Springs, CO and all along the Front Range keep the HIPAA compliance wolf from their doors.
We also offer a managed service option that includes all of our compliance support along with the rest of our IT management expertise.
Ready for IT Support for Medical Practices That Actually Supports You?
If so, simply call us at (719) 439-0599 or contact us online to learn more, and we’ll make sure your business receives customized IT solutions from an experienced and client-focused healthcare IT support provider who can keep medical practice managers from losing their jobs due to cyber breach!