Understanding examples of HIPAA violations will help you avoid falling into similar scenarios.
In October, AHMC Healthcare in Alhambra, CA, reported that health information on 729,000 patients was compromised due to the theft of two laptops.
Last year, an Arizona physician agreed to pay $100,000 to HHS to settle a HIPAA violation case. HHS’s Office for Civil Rights found that Phoenix Cardiac Surgery had few policies to comply with HIPAA and limited safeguards to protect electronic PHI.
And last month, two employees from an Arizona medical billing firm were arrested for stealing the credit card information of multiple patients of the Scottsdale Dermatology Clinic.
Healthcare organizations large and small are struggling with the many facets of HIPAA compliance.
One Source Document Management says the largest volume of 2012 HIPAA violations occurred as the result of PHI on unsecured laptops.
All of these violations can be avoided by moving patient information to a HIPAA-secure cloud platform. In cloud-based systems, patient data is not stored on laptops or unsecured drives waiting to be stolen. And because each person who accesses systems containing patient information has a unique login and password, monitoring everyone’s behavior is straightforward and efficient.
An estimated 75% of the medical market currently uses in-house server-based software such as Medisoft or Lytec, but according to the AMA, the trend toward cloud solutions is accelerating.
“People recognize the conveyance of cloud but are actually quite ignorant of important technological advantages such as increased security,” states Virginia Rosen of Vastiel Technologies. “Every Fortune 500 company you can name went to the cloud five to ten years ago. The reasons are an important consideration for the Healthcare IT industry.”
The fact is, cloud-based applications are built to help with HIPAA compliance issues.
As we discussed in a previous post, there are 49 HIPAA compliance rules that must be met by billing software used by medical practitioners. It’s important to make sure your practice isn’t making any mistakes, whether accidentally or purposefully. A typical in-house, server-based program addresses 9 of them; a cloud-based billing application meets 32.
But there is more to it than just software.
It’s a requirement to designate a HIPAA officer and a HIPAA Security officer, and to conduct ongoing assessments. Since breaches occur so easily in office settings that use desktop software programs, the best move for practices is to shift to the cloud in a HIPAA-secure way.