HIPAA Violation Settlements in 2018 vs 2017
In just the first few months of 2018, the Office for Civil Rights (OCR), which is the entity within the U.S. Department of Health and Human Services (HHS) charged with enforcing HIPAA, has already reached two HIPAA violation settlements totaling more than $3.5 million. In one case, an organization’s failure to follow HIPAA’s risk analysis and assessment rules resulted in five data breaches and significant fines. State attorneys general may also enforce HIPAA, and New York and New Jersey have already issued in 2018 HIPAA violation fines of more than $2 million.
Of course, settlements issued by the OCR and state attorneys general aren’t the only ways in which companies may have to pay for failing to follow HIPAA regulations – class action suits over egregious HIPAA violations can also result in significant financial penalties. In January, one of the country’s largest health insurers agreed to pay $17 million to settle a 2017 class action lawsuit regarding a privacy breach that affected thousands of individuals.
In 2017, violations of the Health Insurance Portability and Accountability Act (HIPAA) resulted in nine settlements and more than $17 million levied in related fines. While no new requirements have been announced in 2018 – and in fact the current administration has indicated a desire to streamline regulations – one thing is clear: HIPAA enforcement is still a priority.
Protecting your organization from HIPAA violations
The security of patients’ healthcare data continues to be of primary importance, and the potential financial consequences of HIPAA violations remain costly. Making decisions that benefit your company and ensure compliance requires a solid base of knowledge regarding HIPAA. Investing the time and effort to learn about HIPAA regulations and to create and implement a comprehensive compliance plan is the best way to protect your organization from data breaches.
HIPAA violations and Healthcare IT System security
Besides following the guidelines for HIPAA regulations, your Healthcare Information Management Systems must also be fully compliant. Breaches can occur even during EMR migration or while accessing Legacy Healthcare Data Archives. Whatever enterprise content management systems your healthcare organization is using, ensuring HIPAA compliant end-to-end encryption of data is of utmost priority. Many medical professionals still rely on thumb-drives or unsecure cloud storage to make files accessible on different devices, and as we all know, the results for misplacing such files can be very costly not just financially, but also can result in a major reputation damage for the medical professionals and the organizations they work at. To be safe, always use a HIPAA-compliant enterprise content management system.