As compliance standards become stricter, businesses are finding it harder to meet their requirements. They know compliance is necessary, and they may even know what to do, but many businesses struggle to implement the practices that regulatory standards demand. When it comes to regulatory standards, no industry has it as difficult as healthcare. HIPAA and HITECH compliance rules are notoriously difficult to navigate, and failure to comply can be devastating.
In 2016, the Office for Civil Rights (OCR) of the Department of Health and Human Services investigated data breaches among healthcare providers. The investigation uncovered several violations of HIPAA and HITECH rules and resulted in more than a dozen settlements plus one civil monetary penalty, with fines totaling $25,505,300.
2017 is looking a little more optimistic, with only nine HIPAA settlements and one civil monetary penalty, for fines totaling $19,393,000. While the numbers suggest that something is working, it is unclear what is or isn't. One thing is certain, however: businesses don't want to pay for failing to comply with the law, yet the threat of fines alone is not getting them to meet the requirements.
Many of the violations discovered in the investigation stem from a failure to protect protected health information, or PHI. A few categories of violation are worth highlighting:
- Insufficient ePHI access control
- Impermissible disclosure of ePHI
- Careless handling of PHI
- Multiple HIPAA violations
- Delayed breach notifications
- Lack of security management process
- Lack of a business associate agreement
Along with failures to secure PHI, another notable trend was organizations' failure to secure mobile devices as HIPAA and HITECH regulations require. Finally, there was evidence of failure to implement a proper security management process and of delays in notifying affected parties of breaches.
A recent lawsuit was filed against more than 60 Indiana hospitals over failure to comply with the HITECH Act. Allegedly, the hospitals failed to provide records and documentation to as many as half of their patients within the required three business days of the request. This is a serious problem for the hospitals if they wish to keep receiving incentive funding under the HITECH Act.
These violations have significant financial ramifications. For failing to provide healthcare records when asked, the hospitals now face damages of over $1 billion. The suit also alleges that the hospitals violated the Anti-Kickback Statute and the False Claims Act by falsely attesting that they had met the HITECH Act requirements. Before the lawsuit, the hospitals had received over $324 million in HITECH incentive payments.
Data security standards differ from industry to industry. While your company might not face regulations as strict as HIPAA or HITECH, you likely still have compliance requirements to meet. IT Support Guys can help ensure your business is in full compliance with whatever regulatory standards apply to you. To find out how we can help, call and speak with a specialist today at 855-4IT-GUYS (855-448-4897).