In February, a breach of the Health Insurance Portability and Accountability Act by the Puerto Rico-based Triple-S Management Corp., netted the health insurer a $6.8 million fine, believed to be a record for a single incident. According to National Law Review contributor Kimberly Gold, a penalty on this scale could be an ominous sign of things to come for healthcare providers found in violation of HIPAA. Healthcare organizations are under virtually unprecedented scrutiny for their information management practices as cyberthreats and data leaks remain an ongoing issue. Without FaxCore's HIPAA compliant fax solutions, organizations will continue to be at risk for attacks and post-breach sanctions.
Gold noted that the fine, which the Puerto Rican government imposed, eclipses that of any levied by the Department of Health and Human Services' Office for Civil Rights, which handles HIPAA governance in the U.S., and actually exceeds the maximum federal fine, which tops out at $1.5 million per incident. The information exposed – health insurance claim numbers – is also less potentially devastating than information leaked in other breaches, which includes Social Security numbers, patient financial information and sensitive health records.
The size of the HIPAA violation fine in spite of the context of the breach, however, indicates that governments may look to come down harder on violators in order to send a message about HIPAA compliance.
"The staggering fine may embolden federal regulators or state Attorneys General to take a more aggressive position and impose more civil monetary penalties for HIPAA breaches, even breaches previously considered less serious," Gold wrote. "Organizations should take extra precautions to prevent and remedy breaches."
Why to invest in HIPAA compliant fax solutions
Risk assessment and prevention are vital to complying with HIPAA standards, but more importantly they are essential to keeping confidential information out harm's way. In healthcare, rapidly shifting communications systems give rise to risks as legacy methods collide with emerging technologies. Older record keeping and sharing practices, including fax machines, handwritten prescriptions and acres of manila folders in metal file cabinets, leave a lot to be desired. However, these procedures persisted because there little better out there.
Now, the rise of electronic health records replaces many of the physical security concerns with virtual ones. According to the National Centers for Disease Control and Prevention, 78 percent of physicians used EHRs in 2013. However, protection often lags behind adoption. The Health Department has aggressively targeted EHR "meaningful use" standards, causing productivity and security problems as physicians and hospitals struggle to adapt. Additionally, many organizations remain caught in the middle, relying on hybrid file protection methods that sow confusion and vulnerabilities.
HIPAA compliant fax solutions like IP or cloud faxing help improve risk assessment and protection while also driving productivity. FaxCore's managed HIPAA compliant fax services enable healthcare organizations to adopt a cloud-based model for sharing records, streamlining storage and transfer and eliminating the problems that arise from a physical/virtual hybrid communications model. It offers protection and archival services to help keep information safe, and eliminates the need for insecure file transfers from fax machine to fax machine by running interactions through the cloud.