If you’re a Covered Entity or someone who is affected by HIPAA laws and regulations, you know as well as anyone that a data breach can have serious repercussions on your organization. From client trust and financial consequences to legal ramifications, a breach of data is no laughing matter. To illustrate the importance of a quick breach response, let’s get into some details about a recent case from a medical center in Oklahoma, and what it has to do with you.
The Office for Civil Rights (OCR) and the U.S. Department of Health and Human Services (HHS) have recently taken action against a medical center in Oklahoma because they violated HIPAA’s privacy, security, and breach notification rules. What was the consequence? $875,000 in fines.
This was due to a breach in their web server that contained PHI that dated back to March 2016. This breach leaked information belonging to more than 275,000 people, including their names, dates of service, addresses, and treatment info. The medical center reported the breach in January of 2018, stating that it occurred in November 2017, when it was about a year before that. As justification, the medical center stated that they were unaware of the breach that occurred in 2016. They weren’t aware that their server contained PHI, and didn’t know where their PHI was stored.
OCR investigated further and found that the medical center did not meet the required standards for the protection of PHI, ultimately leading to the breach. Not only is this medical center still paying for this incident, they now have to undergo a corrective action plan (CAP), closely monitored by OCR for two years.
So, what does this mean for Covered Entities? Well, this is just one of many real-life examples proving just how important it is to have a robust HIPAA compliance plan. It’s crucial to know where your PHI is stored and how it’s being protected to protect your relationships with clients and your business against unfortunate circumstances, such as this one.
This is just one of many examples of why HIPAA policies and procedures are crucial. By having a set of detailed plans for device usage, quick breach response, and security protocols already established, you allow yourself to take swift and effective action if a breach occurs. If these are not already in place, you run the major risk of meeting the incident unprepared, endangering valuable PHI, compromising trust with clients, and putting your organization in a financially vulnerable position.
A structured plan puts your organization’s future in a much more stable and reliable position while giving you the peace of mind that you have done everything in your power to protect your organization and your PHI from data breaches.
If you’re not sure where to start, we can help. Want to know more about how you can become HIPAA compliant?
Email us at info@totalhipaa.com to learn more about how we can help your organization become (and stay!) HIPAA compliant. Or, get started here.
