Many medical and dental offices may be breaching HIPAA laws without realizing it or have employees doing so without their knowledge. That should be a wake-up call to those who feel they have nothing to worry about when it comes to HIPAA.
HIPAA liability stemming from the actions of workforce members (including employees, volunteers, and trainees) is a bigger issue than you may realize. An often overlooked cause of privacy breaches is human error. Workforce members with the best of intentions can still be careless and make mistakes.
- A nurse mistakenly gives a document with PHI to the wrong person
- A biller “Cc”s an unintended party on an email containing PHI
- A physician’s unencrypted laptop containing medical records is lost
- A medical assistant discards a private document with PHI without shredding it
- A practice administrator forgets to erase the hard drive before returning a copier to the leasing company
Healthcare Is at Greater Risk From Insiders
Both human error and malicious intent are working against you when it comes to safeguarding the privacy and security of patient information. In its Special Report: Healthcare, Higher Education, Finance Industry Clients Top Three Cyber Targets in 2013, Kroll, a leader in cyber investigations and incident response, shared 2013 case data revealing that 78% of health care cyber crises were tied to human error, and 22% involved an act of malicious intent.
Besides common mistakes, acts of malicious intent are increasing: ePHI is stolen over a period of time by an employee or staff members who may be acting as feeders to a regional crime ring, where patient information is sold for use in medical identity theft or credit card fraud.
Minimize Your Risk With a HIPAA Reality Check
While it’s impossible to eliminate all risks, many can be mitigated to reduce their likelihood and impact. One of the best investments you can make to protect your organization is to raise the level of security and privacy awareness across it. Stericycle’s white paper HIPAA Compliance: Six Reality Checks is an easy read that reveals powerful facts, graphs and statistics on HIPAA compliance and what can be done to mitigate the risk of a HIPAA breach or violation.
Here’s a look at why everyone could likely benefit from a HIPAA reality check:
- Data breaches are a constant threat
- OCR audits reveal health care providers are not in compliance
- Workforce members pose a significant risk for HIPAA liability
- Patients are aware of their right to file a complaint
- OCR is increasing its focus on HIPAA enforcement
- HIPAA Compliance is not an option, it’s LAW
Every business can benefit from a harder look at its HIPAA compliance. A little bit of investment and commitment to involve employees as key stakeholders in your security and compliance program can save a lot of heartache later.
Contact us today to learn more about how Stericycle helps HIPAA covered entity health care providers:
- Conduct required HIPAA risk assessments
- Establish effective policies, such as "Audit Controls, Access and Monitoring"
- Train your staff on best practices for safeguarding protected health information