The Department of Health & Human Services has begun to come down hard on Healthcare Providers for HIPAA Breaches. The Department of Health & Human Services has fined the Hospice of North Idaho for failing to encrypt a stolen laptop. The Hospice Organization has agreed to pay a $50,000 HIPAA Penalty for this single violation.
An important note here is that the $50,000 penalty does not include or cover the expenses the Hospice Organization will incur to notify affected patients. That additional cost could be as much as $83,000. All in all that’s a huge impact for a single HIPAA breach. The message for healthcare organizations is clear, it’s time to check on your HIPAA compliance and breach procedure.
Review Policies & Best Practice
HIPAA breaches should never happen. Organizations that properly manage their data and monitor tier procedures won’t suffer breaches. You need to review your security policy and procedure and perform a risk analysis. Cyber security is a vital issue for all organizations that carry personal information. For the healthcare industry that information is more comprehensive and more sensitive, you need to ensure that your data is secure on every level.
Once you have preformed a risk analysis and ensured that you are following best practice, you need to think about insurance. HIPAA breaches don’t happen to organizations that properly manage their data, but that relies on people following procedure. People make mistakes, so you need to ensure you are covered. The cost that the Hospice of North Idaho have incurred will be huge, insurance coverage could really soften that blow.
Create an Internal Plan
When HIPAA breaches do occur, the organization will suffer a variety of setbacks. Alongside the financial cost, there is also the practical issue of informing patients. You will need to create in internal plan for dealing with a breach. That means your organization should have a clear strategy for informing those affected and a contingency plan to ensure that normal service is not affected.
HIPAA breaches can be avoided with effective risk management, but you need to prepare for them anyway. Few medical organizations could deal with the cost incurred in Idaho.