The Health Insurance Portability and Accountability Act of 1996 (HIPAA) has now been around for 20 years and it has evolved over the years based on changing threats, demands and focus of the healthcare industry. But even after two decades, HIPAA compliance still remains a challenge for covered entities—healthcare providers, health plan or healthcare clearing houses.
While patients are increasingly using smart phones and demand information through texting and email, the threat of PHI breaches, violations, and high-risk of Ransomware and other cyber attacks are a real area of concern for HIPAA covered entities. Non-compliance and violations carries a high cost and penalties for willful neglect of the rules begin at $10,000. As the use of new technologies in storing and sharing data become increasingly common, healthcare entities will have to create plans, policies and procedures that are robust and relevant in the current scenario.
In recent years, there has been a dramatic increase in HIPAA enforcements and settlements, as well as discovery of new and lethal threats to the privacy and security of patient information. HIPAA compliance is more important than ever and violators of willful neglect of the rules may face serious legal consequences and penalties.
In 2017 we may expect still more surprises similar to Ransomware and the proposed changes to the HITECH Act. The HHS’ Office for Civil Rights plans to fund the HIPAA compliance audit program further by using some of the $27 million collected from fines and penalties due to HIPAA violations. For HIPAA covered entities, there are three areas that they need to watch out for in 2017 to stay out of trouble:
- √ Patient Access of Information, Texting, and E-mail
- √ Communication with Family and Friends of Patients
- √ Avoiding and Responding to Ransomware Attacks
According to experts, enforcement of the HIPAA rules will be unaffected by the change in administration and the OCR’s focus on increasing HIPAA enforcement will remain in 2017. It also makes business sense that you strengthen your HIPAA compliance as the fines and penalties are severe. Moreover, as a smart healthcare leader, you must consider HIPAA compliance and cybersecurity as a business risk management area and an opportunity to gain competitive advantage rather than a regulatory issue.