IT Insights

New heights in data compliance penalties

The tech industry is littered with buzzwords: overused jargon generally meant to inspire feelings of hope and accomplishment. Not all have positive connotations however, and data compliance is one of those spooky buzzwords that many small- and medium-sized businesses have scant specific knowledge about. What better way to gain a clearer understanding of the consequences of noncompliance than a high-profile case on the subject? We’ve compiled a brief synopsis of the case here.

As the largest fully integrated healthcare system in Illinois, Advocate Health Care Network’s mismanagement of electronic medical records (EMR) came as quite a shock. Regardless of your feelings on such a sizable provider being unable to maintain secure EMRs, what can’t be argued is the precedent set by last month’s $5.5-million settlement.

How exactly did it come to such a historic penalty? The answer is threefold. Firstly, Advocate failed to perform the risk assessments mandated by HIPAA regulations — an oversight that could have potentially prevented the other two infractions. Secondly, Chicago’s premier healthcare network failed to obtain proper written agreements with each of the business partners who had access to its data, which may have gone unnoticed if one of its associates had not been the subject of a security breach.

The final infraction, and arguably the most directly relevant to Advocate’s internal security policies, was the unsatisfactory safeguards in place on two stolen laptops with confidential medical information. While the breach of its business partner’s network only put 2,000 EMRs at risk, the stolen computers had access to almost 4 million.

So, if you’re tired of vague platitudes about ‘penalties for lax data compliance’ or the ‘liability risks of mediocre security,’ this is your answer: inadequate preventative measures, unfit business partners, and poor internal security protocols can spell millions in damages. Unfortunately, this isn’t just an aberrant case — the total punitive damages for HIPAA noncompliance in 2015 totaled $6.2 million; after just over eight months into 2016, they currently stand at $20.3 million.

Keep your company’s name off the growing list of companies that didn’t have suitable systems in place when it mattered most. Our EMR management practices provide a full suite of care for your data records; from prevention to end-point security, your information is safe with us. Our proficiency in the healthcare IT industry spans a wide variety of experiences and know-how. Contact us today. We’d love to tell you all about it.

Published with permission from TechAdvisory.org. Source.

Facebook
Twitter
LinkedIn
Archives