HIPAA (the Health Insurance Portability and Accountability Act) refers to a series of federal laws and implementing regulations enacted beginning in 1996 to protect the privacy and security of patient information.
Patient information extends beyond purely clinical information like medical records. It also includes demographic and financial information related to a patient.
The government says patients have a right to have their medical records kept private and secure. Unfortunately, the breach or improper disclosure of this information occurs on an almost daily basis.
The consequences of an improper medical data disclosure can be very severe for both the patient and the organization responsible for causing/allowing the breach—malicious or not. A patient can be subject to identity theft, tax return fraud, medical care procured in their name, and damage to their credit rating. Plus, they can’t cancel their medical record like they can a stolen credit card, so the problem persists.
The entity that causes the breach will face considerable expense to report it and repair the damage, as well as reputational damage and government fines, all of which may threaten its continued existence as a business.
Knowing all of this, why would an organization not want to make every reasonable effort to keep valuable information private and secure?
The good news is keeping medical records secure need not be difficult, time-consuming or expensive. We’ll tell you how to become properly HIPAA compliant in future communications.
If you have questions about HIPAA or would like a complimentary HIPAA Compliance Review for your organization, please contact us.