The Importance and Cost of Failing to Meet HIPAA Compliance
Any person, business or institution that handles Protected Health Information (PHI) accepts a strong obligation to protect it. Failure to store or transfer this information securely can be very costly. The Office of Civil Rights (OCR) collected penalties of over a million dollars six times in 2017 for HIPAA violations. Five of those six cases involved failure to protect electronic data.
Since 2003, OCR has investigated over 100,000 cases, levying over $75 million in fines. One of the top five compliance issues investigated was a lack of safeguards over electronic protected health information, and the top two types of entities investigated have been general hospitals and private practices and physicians. OCR has taken and will take punitive action against healthcare providers of any size who do not safeguard their patients’ protected health information.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) contains two rules that dictate how healthcare providers must protect their patients’ information. This includes any interactions via video conferencing.
The Privacy Rule requires that healthcare providers use administrative, physical, and technical safeguards to protect a patient’s health information, whether it be in written, oral, or electronic form. However, the rule is deliberately flexible so that health providers can make their own determinations on safeguards that best match the needs of their practices.
The Security Rule is focused solely on electronic records and dictates the implementation of security measures to ensure that those records remain private. The two rules are closely related, with the Security Rule adding protections on top of those mandated by the Privacy Rule.
HIPAA-Compliant Video Conferencing
With many seeing telemedicine as the future of healthcare, it is essential that healthcare providers offering this service use a HIPAA-compliant video service with appropriate encryption and the ability to set user roles and permissions for staff members.
For further protection, that video service should also include a Business Associate Agreement, which states that any potential security breach or mishandling of protected health information on the service provider’s part is the liability of that provider, not the medical practice.
Protecting a patient’s health information should be a health provider’s top priority. Not only is it the law, it’s good business sense and the right thing to do.
Let’s Talk Interactive offers the world’s most secure and complete HIPAA-compliant video service and office suite on the market today. Our platform securely connects patients and providers across the world, while protecting and recreating the workflow you would have in your brick-and-mortar office space. If you’re interested in learning more, contact us today and check out our complete line of telehealth solutions at www.letstalkinteractive.com.
Let's Talk Interactive