The days of being slapped with a benign warning letter post-HIPAA investigation are over.
In the past few years, the HHS has really stepped up their enforcement game. Some estimates suggest that corrective action is now required in about 90% of HIPAA audits.
Since the initiation of the Health Information Technology for Economic and Clinical Health Act (HITECH) in 2009, the government’s ability to enforce HIPAA compliance has rapidly expanded. For the past five years, state attorneys general have gotten involved with conducting and enforcing HIPAA audits. Subsequently, the number of investigations increased more than 27 percent in the first year alone.
Since then, healthcare organizations of all variety have experienced costly data breach lawsuits and damaged reputations. From huge names like Blue Cross Blue Shield and CVS to individual clinics, the most costly fines stretch into the millions.
In May 2014 after a network error, New York-Presbyterian Hospital and Columbia University paid out more than $4.8 million in fines for unprotected customer data.
Why the change? How did HITECH affect compliance and how can a HIPAA compliant cloud provider keep you protected? Read on to find out.
High Stakes with HITECH
With the drastic increase in electronic transmission and storage of sensitive health information like ePHI, the Health Information Technology for Economic and Clinical Health (HITECH) Act was bound to emerge. This one act ushered in the changes necessary to properly regulate the developing privacy and security concerns. After HITECH, compliance requirements swelled to include related parties like Business Associates (BAs) of covered entities and vendors of personal health records.
This drove compliance home by substantially increasing HIPAA violation penalties up to seven figures ($1.5 million per incident) and decreasing the acceptable response time for corrective action to 180 days. The fines assessed were then redirected from a general fund and funneled back into the tools and enforcement measures needed to conduct additional audits. (Hence the increase in cases.)
How Does a ‘Serious’ HIPAA Compliant Cloud Provider Protect Your Healthcare Organization?
You’ve heard us talk about the benefits of hosting protected health information (PHI) before. In short, weighing a little money up front to ensure you’re protected against the fines your organization could face if it’s not in compliance, we always err on the side of caution.
Our top recommendations when looking for a ‘serious’ HIPAA compliant cloud provider include:
- The option of using data centers with various offsite IT disaster recovery solutions.
- A proven ability to comply with HIPAA data privacy and security requirements.
- Support from a HIPAA trained IT team.
- Fully managed services like 24x7 monitoring and continual upgrades of both cloud and server.
Today, our reliance on technology solutions means healthcare entities can’t afford not to proactively engage in risk management.
Fail to appropriately protect your patient health data and you risk more than just astronomical HIPAA fines: the fallout ranges from lawsuits and reputational loss all the way up to severe patient harm. A quality HIPAA compliant cloud provider like CoreSpace can help you get ahead of an audit and avoid that potentially damaging fallout.
Check out our previous article on HIPAA security here.