It shouldn’t take news of a massive data breach on Facebook to remind people in all industries – particularly healthcare – that we must remain absolutely vigilant when it comes to security and privacy requirements.
As Rosemary McKenna states in her blog at Lexology:
Nary a week goes by without news of a data breach by a healthcare provider…while there are certainly a good number of breaches resulting from a breach of cybersecurity defenses or from the wrongful exploitation of system security weaknesses, there is still a risk to healthcare providers resulting from the internal operations of the healthcare provider. There are frequent reports of these “internal” breaches: loss of equipment (e.g., laptops that were not secured and unencrypted USB drives), employee wrongdoing (e.g., theft of records or improper access to records to satisfy personal curiosity), and then those unfortunate “oops” moments (e.g., sending personal health information (“PHI”) to administrative vendors without a proper business associate agreement (“BAA”) in place, or a spontaneous conversation in a waiting room disclosing PHI).
Huge penalties are attached to these breaches. Healthcare entities (and their business associates) face stiff financial penalties: $150,000 for a lost, unencrypted flash drive, $750,000 for sending an administrative service provider PHI without a signed BAA, and $2.5 million for a stolen laptop, just to name a few. These poor folks would also likely be required to implement corrective action plans for several years, bear the internal and external costs of investigating the breach and navigating the U.S. Department of Health & Human Services Office for Civil Rights (“OCR”), and face potential litigation, not to mention the adverse publicity. Let’s not even get into the possibility of criminal penalties…
One basic step in a solid security strategy is, of course, to hook up with a dedicated and comprehensive healthcare payments system like OrboAccess Healthcare Payments. Meeting the requirements of the Health Insurance Portability and Accountability Act and the Health Information Technology for Economic and Clinical Health Act (“HIPAA/HITECH”) is that much easier with OrboAccess in your corner.