08-04-11 | Blog Post
Source: Ober & Kaler Attorneys at Law
With upcoming HIPAA Audits becoming an undeniable short-term reality, no health care organization can afford to overlook HIPAA compliance. The most recent major HIPAA violation by the University of California at Los Angeles Health System (UCLA) prompted a settlement of $865,000 for violating privacy laws by leaking celebrity medical data to the news media.
Earlier this year, Cignet Health was the recipient of a $4.3 million fine for refusing patient access to their medical data. As seen in HIPAA Violations above, the greatest number of HIPAA violations occur in the form of physical theft, including paper records and portable electronic devices (i.e., laptops).
The switch from paper records to an Electronic Medical Records (EMR) system is intended to increase the protection of health information through technology: the use of firewalls, data encryption, access logs, etc. The federal EHR incentive program was created to supply funding for health care technology to accomplish a complete transition from paper to electronic record keeping and transmission.
However, electronic records can still be stolen (as seen in physical theft by laptop or other portable device). More and more health care organizations are eyeing server virtualization (aka cloud computing) and SaaS models of delivering health care related software to increase the protection of electronic protected health information (ePHI) by the use of firewalls, intrusion detection and prevention, access authentication and more.
The improved resiliency of cloud computing for backing up sensitive data and the applications that use it is also affording health care IT groups new ways to assure the availability of ePHI and related systems.
While public clouds present challenges to proving that sensitive data can be protected and highly available, many health care related IT groups are achieving HIPAA compliance with private clouds. Unlike public clouds, private clouds use virtualization technologies within a dedicated and secure network.
When placed in a high-availability environment, these private cloud servers offer HIPAA compliant hosting for healthcare applications and patient data, along with the cloud computing benefits of scalability, quick deployment and cost savings.