What would the auditors find if your practice had an ePHI breach and they showed up at your door to investigate? The fines and penalties can be steep and could even include jail time!
Here are three headlines taken from the internet:
- Massachusetts Ear Group To Pay $1.5 Million To Resolve HIPAA Charges
- Memorial Hermann to pay $2.4 million in HIPAA settlement
- Doctor Gets Jail Time for HIPAA Violation, plus $2000.00 fine & the Health System is fined $800,00.00. Unfortunately, ignorance of the law is not a valid defense or excuse.
It could be something as simple as:
- Phishing attack
  - 90% of breaches occur via phishing
  - A user opens a malicious email
- Lost or stolen laptop
  - Collective $1.9 million in penalties due to unencrypted stolen laptops for 2 organizations
- Lost or stolen flash drive
  - $150,00.00 penalty for a lost flash drive, with no risk assessment or policies in place
- Lost or stolen backup media
- Your system was hacked & data stolen
- Staff browsing the medical records of patients, colleagues, high-profile patients & those in public office, without a job-related need to do so
What would the auditors find?
- Do you have an assessment on file?
- Do you have appropriate policies and procedures in place?
  - MDTS offers a library of essential policies & procedures
- Did you adequately train your staff and provide ongoing education?
  - Most breaches occur due to under-educated or un-educated staff!
  - MDTS offers a library of quarterly or monthly newsletters, charts & posters
- Can you show evidence to support that you do what you say you're doing?