Health Insurance Portability and Accountability Act (HIPAA)

Is your healthcare organization meeting the cybersecurity requirements of HIPAA or facing an upcoming HHS audit? Watch our free webinar to learn about what’s needed to comply with HHS protocol and achieve HIPAA compliance.

Healthcare Security for the 21st Century and Beyond

In today’s modern world, healthcare providers commonly use computerized physician order entry (CPOE) systems, electronic health records (EHR) and online systems for coordinating pharmacy, radiology and laboratory systems. Health insurance providers are also increasingly offering online services for benefits plan enrollment, claims and care management.

With more confidential patient information being stored and transmitted online, the risk of that sensitive health and personal information falling into the hands of cyber criminals has increased.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) established strict guidelines for the electronic storage and transmission of personal health information. For healthcare companies that handle such sensitive information, HIPAA established strict rules that companies must comply with regarding electronic private health information (e-PHI).

HIPAA Details

The HIPAA standards apply to all health plans, health care companies and any health care provider who transmits health information in electronic form. The law is divided into two sets of rules, the Privacy Rule and the Security Rule.

The Privacy Rule protects all “individually identifiable health information” held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information “protected health information (PHI).”

Individually identifiable health information is information, including demographic data, that relates to:

• the individual’s past, present or future physical or mental health or condition,
• the provision of health care to the individual, or
• the past, present, or future payment for the provision of health care to the individual,
and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual.

Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number).

HIPAA Enforcement and Penalties

Failing to comply with the HIPAA standards for privacy and security carries the possibility of stiff fines, criminal prosecution and other penalties. The Department of Health and Human Services (HHS) may impose civil money penalties on a covered entity of $100 per failure to comply with HIPAA, up to $25,000 per year for multiple violations.

Criminal penalties may be assessed against a person who knowingly obtains or discloses individually identifiable health information in violation of HIPAA: a fine of $50,000 and up to one year of imprisonment. The criminal penalties increase to $100,000 and up to five years of imprisonment if the wrongful conduct involves false pretenses, and to $250,000 and up to ten years of imprisonment if the wrongful conduct involves the intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain or malicious harm.

Get HIPAA Compliant

Getting HIPAA compliant is not just a legal requirement; it also benefits clients who depend on their healthcare providers to maintain the privacy of their medical records. Proficio’s expert security analysts can guide your hospital or healthcare organization through the HIPAA compliance process. Proficio’s HIPAA Compliance Insights Service helps companies get and stay compliant with HIPAA’s regulations.

“Proficio makes sure we have every corner of our security program covered.”

– Andrew Van Wormer, Manager of Security Operations, Castlight Health

Proficio helps me sleep better at night.