That’s how much healthcare data breaches increased from 2010 to 2017.
The news is full of stories about these breaches. There are enough to make you think it’s an epidemic, and unfortunately, it is. This epidemic is costing patients their personal information, such as their social security number, financial account numbers, and private health records.
If you deal with any form of healthcare data, you’re probably wondering how you can protect your clients’ personal health information. Let’s see how patient confidentiality laws can protect your client’s healthcare data and stop this epidemic in its tracks.
HIPAA and patient confidentiality laws
When people talk about patient confidentiality laws, they’re usually referring to the Health Insurance Portability and Accountability Act of 1996, better known by the acronym HIPAA. HIPAA is a federal law that regulates how people’s protected health information, or PHI, can be used and stored. Any business or agency that has access to healthcare data has to follow HIPAA guidelines.
These basic guidelines require you to
- Create privacy policies and procedures designed to help the business follow HIPAA standards.
- Routinely monitor how well your organization follows patient confidentiality laws.
- Have a HIPAA compliance officer who investigates any confidentiality complaints.
- Train all employees on how to follow HIPAA standards during the course of their work.
- Install safeguards on any device containing PHI so that only authorized individuals can access it.
- Encrypt all PHI.
- Sign a HIPAA business associate agreement with any third party that can access or use your data.
In addition to these basic HIPAA guidelines, there are other federal and state laws that protect patient confidentiality. How important is it that you follow these guidelines to the letter?
What are the consequences of violating patient confidentiality laws?
A HIPAA breach can lead to serious consequences for your business. Depending on the kind of violation and how quickly you fix it, you could be fined or receive jail time.
HIPAA violations that fall in the civil category usually incur fines instead of jail time. These fines can be lighter if you are unaware that something violates HIPAA, only violate HIPAA once, or try to correct the violation as soon as possible. But willfully neglecting HIPAA standards or not correcting the problem could land you a fine of $50,000 or more per violation.
If the violation is in the criminal category, then jail time becomes a possibility. HIPAA violations are considered criminal when you knowingly breach HIPAA; use false pretenses; or sell, transfer, or use the information for personal gain. Criminal HIPAA violations can land you in jail for up to 10 years.
If violating patient confidentiality laws is such a big deal, then why, and how, are companies still breaching HIPAA so often?
The most common ways businesses break HIPAA and confidentiality laws
The most common patient confidentiality breaches fall into two categories: employee mistakes and unsecured access to PHI.
Employees can violate HIPAA by looking at patient records they don’t need to access for their job, posting patient information on social media, and not taking proper precautions to protect patient privacy. These breaches often happen because employees don’t understand that their actions violate HIPAA.
Unsecured access to PHI occurs for many reasons. The device storing the information might not be equipped with basic security measures, such as passwords and data encryption. Or the device could be misplaced, lost, or stolen. These breaches happen because people aren’t careful enough with their devices or forget that any device with PHI on it needs to be secure.
Now we know what HIPAA is, what the consequences of violating it are, and how most businesses breach it. How can your business follow HIPAA standards?
How can you follow HIPAA standards?
There are many things you need to do to follow HIPAA and patient confidentiality laws. Every business should look at the federal and state confidentiality laws that apply to them to ensure they are compliant. Here are some basic ways you can follow HIPAA standards:
- Appoint a HIPAA compliance officer for your business.
- Have a lawyer look over your procedures to ensure they cover all laws.
- Perform routine assessments of how well your business is following these procedures.
- Immediately correct any compliance issues you find.
- Train your employees on how to be HIPAA compliant.
- Draw up a HIPAA business associate agreement for any business that interacts with or uses your healthcare data.
- Install strict security measures on any device that contains PHI.
Breaching patient confidentiality brings serious legal consequences. Following HIPAA standards and patient confidentiality laws protects your business from expensive fines. It also prevents the loss of patients’ personal information and builds their trust in your business.