HIPAA Fines Show How You Are Failing
HIPAA violations are on the rise.
Although we didn’t hear too much about breach-related HIPAA violations during the pandemic, incidents were occurring, and the violations are now being pursued and published. The result is a steady stream of penalty announcements coming from OCR that should get everyone’s attention.
Most recently, MetroHealth System in Ohio announced a breach of the records of 1,700 patients. The incident was first discovered by their EHR company, representing a further failure of MetroHealth’s own security practices.
Another recent violation occurred at SuperCare Health, a California-based healthcare provider. This breach lasted over a week and exposed 318,379 patient records. This breach was caused by the HIVE attack we’ve discussed in the past. What should get your attention about this incident is two lawsuits were just filed against the organization seeking restitution for alleged negligence by the company. The message – you can be sued for by patients and third parties for your lax security practices. The red alert word here is “negligence”, and it’s one we’ve warned about on numerous occasions. Here’s how it works.
If your cybersecurity practices can be deemed negligent, you face significantly greater violations and actions against you. The challenge, of course, is the term negligence can be somewhat ambiguous and subjective. Of course, if OCR (HIPAA enforcement) labels you as negligent, your defense against ensuing lawsuits is severely compromised. However, if aggressive plaintiff attorneys decide you pursue you under a negligence claim, you’re facing a costly defense that could easily outrun your cyber insurance coverage.
That’s why our reminder from a couple of weeks ago, where we discussed the efforts of OCR to solicit input on what constitutes “best practices” for healthcare cybersecurity, is so important. Once they publish their findings on what constitutes best practices, the argument for your negligence will be far less nebulous.
So what are best practices? You don’t have to wait to hear what they have to say. We’ve been a part of the FBI’s Healthcare Working Group for years, and we implement the same solutions and technologies utilized by the largest and best medical facilities in the country. Most of these technology companies have solutions tailored for smaller businesses, so we can offer them to you at affordable prices.
For more details, reach out to us to learn how we can help make your business more cybersecure and HIPAA compliant.