Health care records contain a lot of the most private information about an individual. These documents may disclose full names, addresses and even embarrassing medical conditions that could be used to blackmail unsuspecting victims. As such, it quickly became apparent that this type of data needed to be guarded from cybercriminals.
In 1996, the U.S. government passed the Health Insurance Portability and Accountability Act, which governs how health care organizations handle protected health information. But what can a HIPAA violation look like, and what are the ramifications? Let’s take a look at how you can protect patient information:
What constitutes a HIPAA violation?
The U.S. Department of Health & Human Services defines a HIPAA violation as an action taken by a covered entity that results in the breach of PHI. A covered entity just means someone involved in the health care system who handles the patient’s information. This could be a doctor, nurse, health insurance provider or any other organization that is given access to medical data.
A pretty cut-and-dry example of a HIPAA violation is the incident that befell Andrea Scarborough of Lakeland, Florida. Due to a mix up at a local printer, Scarborough became the recipient of quite a few medical documents that were supposed to go to Doctor Today, a health care provider near her.
Although Scarborough did the right thing and contacted Doctor Today about their mistake, this situation could have very easily gone another route. Had these records been sent to a more nefarious individual, the patients of this particular doctor’s office could have become the victim of identity fraud.
“Accidentally releasing PHI is still considered a violation of HIPAA.”
How high can penalties reach?
The interesting part about this particular case is the fact the health care providers involved didn’t technically mean to violate HIPAA. In fact, accidentally releasing PHI is still considered a HIPAA violation. The American Medical Association states that an individual can still be penalized even if they “did not know (and by exercising reasonable diligence would not have known) that he/she violated HIPAA.”
That said, accidental HIPAA violations or breaches aren’t all that expensive. Covered entities caught up in such an event could only pay $100 per violation, so a pure mistake on a small scale isn’t necessarily a huge deal. However, HIPAA penalties can reach to incredibly high sums if the person or persons involved make a willful, egregious mistake.
A breach that stems from carelessness can be hit with a minimum penalty of $50,000 per violation. Although the yearly maximum tops out at $1.5 million, a breach of a large collection of PHI due to “willful neglect” is going to be an incredibly costly affair.
What can you do to prevent a violation?
Although violating HIPAA is a disconcerting thought, there are quite a lot of things that a health care administrator can do in order to decrease the chances of a breach. Working with a data storage provider that has intense knowledge concerning HIPAA is a great place to start, but sometimes it isn’t enough.
Medical documents need to be transferred from person to person, and this exchange opens the information up to attack from cybercriminals. As such, health care officials should look into Fax over IP as a means of keeping PHI safe. Much like legacy fax systems, FoIP is regarded as a safe and effective means of document transfer. What’s more, this service offers a level of convenience that legacy faxing simply cannot. FoIP is a great way to increase security and work toward HIPAA compliance.
Enhance enterprise communication, collaboration and compliance efforts with a proven FoIP solution from FaxCore. Contact FaxCore today to learn more about their ‘Partly-Cloudy’ fax solutions.