04-11-19 | References
To file a complaint for violation of your rights under HITECH or HIPAA, visit the Dept. of Health & Human Services website.
We’ve just launched our latest white paper on HIPAA Compliance! This white paper is ideal for executives and IT decision-makers seeking a primer as well as up-to-date information regarding hipaa compliance best practices and specific technology recommendations, including cloud-based hipaa compliant hosting options.
Read below for an excerpt about what is a hipaa violation:
There are all kinds of HIPAA violation cases out there – whether they violate the security, administrative or technical safeguards, data breaches often occur within certain parameters, as can be seen from research of the HHS reported breaches affecting 500 individuals or more.
|VIOLATION TYPE||EACH VIOLATION
||VIOLATIONS OF AN IDENTICAL PROVISION IN A CALENDAR YEAR
|Individual didn’t know they violated HIPAA||$100 – $50,000||$1,500,000|
|Reasonable cause and not willful neglect||$1,000 – $50,000||$1,500,000|
|Willful neglect but corrected within time||$10,000 – $50,000||$1,500,000|
|Willful neglect and is not corrected||$50,000||$1,500,000|
According to the final HIPAA modifications, in applying these amounts, the Department will not impose the maximum penalty amount in all cases but rather will determine the penalty amounts based on the nature and extent of the violation, the nature and extent of the resulting harm, and the other factors.
Although this may be due to the fact that encrypted data breaches do not have to be reported, the vast majority of data breaches are due to stolen or lost data that was unencrypted. A common theme includes the data archiving method of using backup tapes to store patient health records.
While increasing and monitoring security of the storage facilities is important, another alternative is IT disaster recovery for the cloud. By eliminating tape backup, cloud disaster recovery can increase recovery time objectives (RTO) and restore your server data and applications in hours.
Two separate cases involved an employee leaving unencrypted backup tapes with PHI in their vehicles while parked off-premises. Another case was due to employees mistakenly sending PHI to contractors that posted the information publicly online. Still others include disclosing sensitive information on social media networks that could be personally identifiable.
Training, documenting and monitoring employee adherence to company security policies and procedures is extremely important and one of the easiest preventative actions an organization could take to avoid a data breach. While you should train your own employees, remember that part of due diligence in checking your business associates’ compliance is also verifying their employees have been trained. Ask your HIPAA hosting provider for the latest dates of their employee training.
Almost half of all data breach types can be attributed to the theft of physical records – 49 percent. When portable devices are unencrypted or not properly secured by passwords, pins and other security methods, the risk of a PHI breach increases considerably. Additionally, if you’re not backing up your data frequently, you can lose a lot of valuable patient records if you lose your laptop, smartphone, etc.
One solution is using a HIPAA compliant data center to host your data and applications securely in an offsite location with the appropriate technical, physical, logical and network security in place. With limited remote access, your data is safely stored off of your personal and portable devices while your servers are being managed and monitored by trained professionals.
Sixty-two percent of data breaches involved a business associate, according to HHS.gov, making the vendor selection process an essential step toward achieving full compliance.
Another mistake made in many HIPAA violation cases is the date of notification to HHS and affected individuals. HHS requires extensive documentation within 10 days of a data breach, with at least 15 specific components that relate to the covered entity’s internal investigation, policies and procedures, physical safeguards, risk assessment, and breach notification.
Looking for HIPAA compliant hosting? Otava can help. Our cloud, disaster recovery and colocation solutions have helped covered entities and business associates alike adhere to HIPAA regulations and keep PHI secure. Check out our HIPAA compliant solutions for yourself or contact us to learn more.
Why disaster recovery is important to HIPAA compliance: There are many aspects of complying with HIPAA regulations, and all are equally important to avoid facing the stiff penalties that come as a result of any violations. In addition to technical and physical safeguards for your PHI, the administrative safeguards…(Keep Reading)
Achieving Compliance in a Hybrid Cloud: According to the 2019 Rightscale® State of the Cloud report, the number of enterprises with a hybrid cloud strategy (one that combines both public and private clouds) grew to 58 percent for 2019, up from 51 percent in 2018… (Keep Reading)
What Is The HIPAA Security Rule? How can you be certain that your patients’ electronic health information is adequately protected? The HIPAA Security Rule was created to help you answer that question more confidently… (Keep Reading)
What Is The HIPAA Privacy Rule? Physicians are entrusted with some of the most intimate and personal information in a patient’s lifetime—account and identity information as well as health information… (Keep Reading)
Otava provides secure, compliant hybrid cloud solutions for service providers, channel partners and enterprise clients. By actively aggregating best-of-breed cloud companies and investing in people, tools, and processes, Otava’s global footprint continues to expand. The company provides its customers with a clear path to transformation through its highly effective solutions and broad portfolio of hybrid cloud, data protection, disaster recovery, security and colocation services, all championed by its exceptional support team. Learn more at www.otava.com.