Too Small for IT, Not Too Small For the HIPAA Act


The Government is Cracking Down on HIPAA

The HIPAA Act has been making media waves across the country. The newly redesigned HIPAA Act has been exposing security flaws within the healthcare system, and providers have paid heavily for it. This has been happening frequently, and according to Marianne McGee from, "More than 70 incidents have been added in the last month to the Department of Health and Human Services' 'wall of shame' website listing health data breaches affecting 500 or more individuals – far more than in any other recent month."

It can begin easily with one little mistake. In late 2011, a small dermatology practice in Massachusetts contacted the Department of Health and Human Services to warn that a small USB stick containing 2,200 patients' personal health information had been stolen. This was a simple mistake that anyone could have made, but the final result was that the practice was charged a staggering $150,000 in a settlement. So why are companies making this mistake so often?

Too Much Change, Too Much to Keep Up With

One of the main reasons for this crackdown on healthcare providers is that the omnibus HIPAA Act has been newly modified, so there are new laws to follow. Some healthcare providers may not have educated themselves enough on these new laws, which can lead to legal trouble. This lack of knowledge can cost a company hundreds of thousands of dollars, and the mistake can be as easy as losing a USB stick with data on it.

Too Small

The second reason is that some medical companies may not be big enough to hire an IT representative to help them stay compliant with the HIPAA laws. At companies like this, which stay relatively under the radar, personal health information can often be overlooked and easily exposed. Smaller medical companies that can't afford IT must rely on their own administration to step up and take responsibility. This means they must keep up with all the fine details of correctly storing and sharing patients' information, which can become a challenge given the existing stresses of overseeing healthcare operations.

The Bottom Line

The only secure way to make sure these smaller practices can stay HIPAA compliant is to store important data in the cloud and protect it with encryption. This allows a company to securely store and share information with others without the risk of it being exposed to the public, and it can be done with all the employees of a company. This technology can essentially replace the need for an IT representative if money is tight and can easily make sure personal health information is never stolen and remains compliant with the HIPAA Act.