The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) is responsible for enforcing HIPAA privacy and security regulations. The OCR is increasingly determined to enforce HIPAA regulations, and audits are becoming more frequent. Healthcare providers and covered entities need to ensure the security of PHI and sensitive data, otherwise they could be liable for significant fines. Some recent HIPAA violations and fines hitting the headlines include:
- A hospital in Texas was fined $3.2 million when the OCR found that hospital officials were using unencrypted laptops and phones for 3 years, violating a HIPAA health data security rule.
- An insurance company was fined $2.2 million for not taking appropriate actions involving a stolen flash drive containing names, social security numbers and other protected health information of more than 2,000 customers.
During 2016 alone, there were $22.8 million in HIPAA settlements for violations impacting over 4.4 million individuals. But if you think only large healthcare organizations are subject to OCR audits and fines, think again. Other headlines include:
- A small pediatric and adult dermatology practice was fined $150,000 for HIPAA violations resulting from a lost, encrypted flash drive containing patient PHI.
- A cardiology group of 5 physicians reached a $100,000 settlement because of failure to comply with the HIPAA requirements by posting patients’ appointments on a publicly accessible internet-based calendar.
In addition to monetary fines, healthcare organizations cited for violations may suffer irreparable harm to its reputation, proving even more costly. After all, how would you feel receiving care or doing business with a healthcare organization unable to adequately protect patient information and privacy?
Many organizations turn to hosting providers to alleviate the burden of managing an IT infrastructure while relying upon them as the experts in HIPAA compliance. For these organizations, it is crucial to choose a provider with proven knowledge and experience managing environments in compliance with HIPAA/HITECH regulations.
Since 1998, Connectria has been securely hosting and managing compliance solutions. Since 2007, Connectria has been providing HIPAA Compliant Hosting Solutions in the cloud. Today, customers leverage Connectria’s vast HIPAA expertise to achieve and maintain compliance no matter where their cloud resides; within Connectria’s clouds or partner clouds such as Amazon or Microsoft.
For healthcare organizations considering moving their application workloads and data to the cloud, there are many benefits to be derived; however it is wise to conduct your due diligence in selecting the right provider. You can’t afford not to.