The Cost and Consequences of Non-Compliance

April 2, 2018

It’s never been more important to maintain a secure, compliant health data environment. This is true for the largest health care systems across the U.S. as well as, small private practices such as dental and dermatology practices. Some of the most common HIPAA violations include cases where there is a lack of healthcare provider training, staff use of unsecured devices in and out of the healthcare setting, and improperly secured servers. All of these examples can lead to data breaches exposing patient information and the cost and consequences of non-compliance can be expensive and severe depending on the violation. Penalties can be directed towards both the institution and the individual such as the physician or staff nurse.

The types of penalties can be defined as follows:

CIVIL PENALTIES

Typically cases of wrongful neglect. Fines can range up to $100K depending on the violation.

CRIMINAL PENALTIES

Typically cases of wrongful disclosure. Fines can range up to $250K with some violations resulting in imprisonment.

HIPAA FINES

Typically cases of intentional violation after attestation to HIPAA compliance. Fines can range up into millions of dollars.

The Path to Compliance

To help covered entities such as providers and business associates meet this challenge, health organizations, both large and small, need to conduct routine risk assessments by reviewing their security risk analysis, implementing security updates as necessary and identifying security deficiencies.

The steps include a thorough risk analysis such as:

  • Assessment of current security measures
  • Data collection on document workflow
  • Identification of potential risks and threats
  • Determination of the likelihood of security threats
  • Determination of the level of risk

Final documentation of risk assessment In addition, the Office of Civil Rights (OCR) requires that covered entities and business associates identify vulnerabilities to ePHI that is collected, stored, processed or transmitted.

In addition a Technical Vulnerability Assessment should be conducted to address both HIPAA and HITECH mandates for establishing and prioritizing compliance efforts and identifying security gaps.

A Technical Vulnerability Assessment supports several distinct components, including:

  • External assessment
  • Internal assessment
  • Firewall assessment
  • Wireless assessment
  • Social engineering assessment
  • Penetration testing

At All Covered we understand the challenges and complexities of becoming HIPAA compliant. To help covered entities such as providers and business associates meet this challenge, All Covered Healthcare assessment includes consulting services that can drive an effective HIPAA compliance program, mitigate potentially damaging breaches and ensure that patient confidentiality is protected – all without adding extra personnel to your payroll.

Find out more about our approach to HIPAA compliance by downloading our brochure.

Prevent Penalties for Non-compliance

Navin Balakrishnaraja
National Practice Director for Healthcare IT Services