data security Tag Archive


Big Time Fines – HIPAA and the punitive fines that are being levied on medical and dental facilities


The ADA News reports that a North Carolina orthodontic clinic has agreed to pay $750,000 to the federal government to settle charges that the clinic potentially violated the Health Insurance Portability and Accountability Act (HIPAA) in 2013 by giving patient information to a potential business partner without a Business Associate Agreement (BAA). The clinic was fined three quarters of a million dollars simply because it failed to execute a business associate agreement with a company that was duplicating x-rays.

There is no indication that any patient data was compromised, and no patients suffered identity theft or were harmed in any way. The clinic simply failed to do some paperwork.

As frightening as that is, this is worse. A medical research group has agreed to a $3.9 million settlement after an investigation determined that a stolen laptop contained the electronic protected health information (EPHI) of approximately 13,000 patients.

NOTE: The data was not hacked. It was exposed when a laptop was stolen. There is no evidence presented that the data was used in a malicious fashion or that anyone was harmed by identity theft.

The fine amounts to $300 for each of the 13,000 records that were lost.

If you lost a laptop or a thumb drive with your 3,000 dental patient records on it, an equivalent fine would be $900,000. Your liability insurance will not cover this fine. Could you stay in business if you were required to pay almost a million dollars out of pocket?

You can protect yourself in three ways.

1. Ensure that all patient data stored anywhere is stored in an encrypted fashion.
2. Do not store patient data on a local computer but keep all PHI in the cloud.
3. Get adequate insurance. (see below)

PCIHIPAA
Most dental liability policies do not cover HIPAA violations or else have very low limits. My friends at PCIHIPAA provide insurance that can cover you if you do have a data breach.

A technology risk assessment is required in order for your office to be HIPAA compliant. A great way to get started with PCIHIPAA is to take advantage of their free assessment. Find out about any potential risks and what you can do about them, and get a quote on insurance to cover you just in case.
