Are you HIPAA Enough?

This featured blog is submitted by Alan Morris with permission from the HIPAA Help Center. Alan is Executive Vice President of Cumulus Optimus (www.cumulusoptimus.com), a company that offers innovative healthcare solutions for practices looking to more effectively optimize their practices.


Are you HIPAA Enough?

Over the past few years the main focus of the Office of Civil Rights (OCR), who enforces the HIPAA Law, has undoubtedly been ensuring that covered entities and their business associates are meeting all the HIPAA security requirements in regard to protecting electronic health information (ePHI), including having the necessary cyber security safeguards in place.

A crucial part of the risk analysis is completing an Annual Security Risk Assessment. This annual assessment helps your organization ensure it is compliant with HIPAA’s administrative, physical, and technical safeguards. It is made up of 154 requirements that should unquestionably be met on a continual basis throughout the year. These requirements include, but are not limited to security policies and procedures, external scans, vulnerability scans, tracking electronic assets, other cyber security implementations, workforce training, and more.

The OCR understands breaches and incidents can and will happen, but they also want to know in detailed documentation that there are safeguards in place to mitigate all risk associated with them. All breaches are to be taken seriously and properly reported. But take a look at the stats as to incident sources for a breach. The largest impact has been from internal sources.

Breach Stats – Top 3 Incidents Resulting in a Breach:

  1. 38% Improper Access/ Disclosure (Human Error)
  2. 29% Theft
  3. 21% Hacking/IT

And what happens when there are breaches – does it matter?  Yes!

Health care providers and their business associates may be subject to civil monetary penalties and even jail time, and experts expect fines to increase. Currently, fines range from $100 per violation when a covered entity unknowingly breaks the law, to $50,000 per violation for willful negligence. The Secretary of the Department of Health and Human Services has charged covered entities as much as $4.8 million in a single investigation.

If you aren’t taking this seriously in your practice – you need to. Opargo takes this very seriously and are working to ensure our customers are aware of the importance. There are many groups can help you in this process including Cumulus Optimus, an Opargo and HIPAA Help Center partner.

Posted in: HIPAA, Security