HIPAA Myth: Small practices need not be concerned about HIPAA!

Reality: A small Covered Entity (CE) in Idaho (The Hospice of North Idaho) had an unencrypted laptop containing PHI stolen. As this is a small practice, the number of potentially impacted individuals was fewer than 500. There was no proof that any of the medical records were accessed.

Result: A $50,000 penalty was levied.

Insight: Even very small CEs are subject to the HIPAA law, and failure to comply can result in crippling penalties. The case cited here is a few years old. It was a landmark case because the breach impacted fewer than 500 records. Recent cases suggest that if a similar breach happened in 2018, the penalty would be substantially larger.

The Dilemma: Small group and individual practices are particularly vulnerable to HIPAA violations. They generally use IT support companies with only one or two employees. Most do not have the knowledge or experience required to recognize and implement what is required to comply with HIPAA. These support companies cannot justify the investment in the years of training required to learn HIPAA and how to provide the requisite enterprise-level security.

Where does that leave the practice? Most end up playing “Russian Roulette” with their HIPAA compliance. Many do nothing, hoping that they never have a breach. Others do a couple of simple things, hoping that will be sufficient. A practice that does anything, no matter how small, to comply with the law has shown that it understands that something needs to be done. That triggers a ten-fold increase in the minimum penalties.

Solution: Become defensibly HIPAA compliant by bringing in a team that is focused on compliance for small group and individual practices. Compliance requires securing PHI, training staff, creating policies, and making some operational changes. Equally important, it requires ongoing logging, tracking, and reporting. Compunet offers the full solution at a small-practice-friendly price point. Better yet, if you like your current IT support company, you can keep your current IT support company!

Contact the Security professionals at Compunet to make sure your practice is defensibly compliant and secure. We offer our clients a full Security Suite and 24/7 monitoring of their infrastructure to ensure their networks are properly secured. As a part of our All in One HIPAA Solution, we offer a free Security Assessment. Check out our quick quiz to see if your practice is compliant!

For more information go to our website:


June 29, 2018 HIPAA Blogs