The Risks of Ignoring HIPAA are too Great

The first of the laws that make up what is now HIPAA was passed in 1996. It was more than a decade later before ignoring these laws started to carry consequences. With the passing of the Omnibus Rule in 2013, the law gained an enforcement mechanism (random audits) to go along with its steep penalties for non-compliance.

It is easy to understand why practices and medical professionals might be inclined to keep ignoring the law. They have heard about HIPAA for so long, most have done very little to bring their practices into compliance, and yet they have experienced no consequences for failing to do what is required. There are two reasons why this has become a very dangerous attitude.

First, the penalties are significant and are being enforced. Even a casual observer will have noticed the increasing number and size of violation penalties. Earlier this week HHS published a press release about a $4.3 million penalty against the MD Anderson Cancer Center. Moreover, experts warn that Category 1 penalties (unknowing violation or ignorance) may no longer apply, because information about the law is now pervasive. The minimum penalty for a Category 2 violation is $1,000 per violation. A device containing Protected Health Information (PHI) could hold hundreds or thousands of records. If such a device were unencrypted and stolen, the penalties could easily exceed $1.0 million even if the incident were deemed only a Category 2 violation. Category 3 and Category 4 violation penalties are 10 and 50 times greater.

Second, as noted in previous blog postings, PHI is a ready target for data thieves. As a quick refresher: medical information cannot be changed (blood type, medical history, etc.), whereas most financial information (bank accounts, credit card numbers, etc.) can easily be changed. HHS publishes a “Wall of Shame” that lists all reported breaches, and it is clear that the number of breaches is increasing. Many believe it is a matter of when, not if, a practice will be targeted.

Implementing the changes required to secure data, train staff, and complete the required Annual Risk Audits is no longer as expensive and time-consuming as it once was. The odds, however, are stacked against practices that continue to neglect protecting their data in a HIPAA-compliant way.

Contact the security professionals at Compunet to make sure your practice is defensibly compliant and secure. We offer our clients a full Security Suite and 24/7 monitoring of their infrastructure to ensure their networks are properly secured. As part of our All in One HIPAA Solution, we offer a free Security Assessment. Check out our quick quiz to see if your practice is compliant!

For more information go to our website:

June 20, 2018 HIPAA Blogs