HIPAA Is Real

Russell B. Still, CVA, CHBC
Executive Vice President

Over the past month, I have heard a number of stories about breaches of patient privacy in medical practices. These include incidents from intentional theft of patient identification for personal gain to accidental distribution of patient information. Whether intentional or not, the risk of wrongful disclosure is expensive and, in extreme cases, includes the possibility of incarceration.

According to a recent study¹, criminal cyber-attacks are up 125% since 2010 and are now the leading cause of data breach in healthcare. It is reported² that the cost per record breached for healthcare organizations is $363. Not all of that amount is hard cost but, depending on the size of the practice, a breach can easily exceed $100,000 - per physician!! According to John W. Miller II (Principal at Sterling Risk Advisors, a risk management and insurance firm based in Atlanta), "Legal fees, regulatory fines and penalties, IT forensic, notification and credit monitoring costs are all a burden borne by a practice with a breach. Most practices are unprepared for this event and the financial toll it takes on the practice’s finances." Your practice can expect civil claims from patients who have experienced financial loss due to their credit being adversely affected. In addition, your practice reputation may be damaged, and you may lose patients.

Do you have insurance in place to cover potential breaches?
Are your systems secure enough to avoid the breach altogether?
Have you implemented administrative controls on your electronic health records to allow input and review of data, but limit the ability to download data?
Is your HIPAA manual up to date? Is your staff trained?
Have you assessed your computer system compliance? Is it appropriately encrypted?

If you have encountered any issues or would like to discuss this further, contact Russ Still at 770-951-8427 or rbs@medicalmanagement.com.