The latest in a string of costly settlements over HIPAA violations highlights how important it is for your health care organization to follow HIPAA’s mandates closely. Is your practice’s IT infrastructure HIPAA compliant? If not, then even overlooking a detail as seemingly insignificant as updating software will subject you to penalties.
This was the case for Anchorage Community Mental Health Services (ACMHS). Last December, the Office for Civil Rights (OCR) found ACMHS guilty of HIPAA violations that caused a breach of OCR’s electronic protected health information (ePHI), affecting information belonging to 2,700 individuals.
According to The National Law Review, “The OCR determined that the incident was the direct result of ACMHS’ failure to identify and address basic risks such as running outdated and unsupported software, and failure to regularly update software patches.” For the violations, ACMHS was fined $150,000 and agreed to adopt a corrective action plan.
The National Law Review goes on to provide health care organizations with these reminders about what it means to be HIPAA compliant.
When a regular run-of-the-mill business ignores a security patch or uses unsupported software like Windows XP, it does so at its own risk. If there’s a data breach due to negligence, then heads will roll and the business will be found liable. Without protections like HIPAA in place, the average business has the ability to skate by and take risks like this. HIPAA doesn’t afford health care organizations the luxury of taking such risks. Ultimately, laws like HIPAA are best for all parties involved, especially for patients and their personal information.
The takeaway from this recent case is that your health care organization needs to be HIPAA compliant down to the smallest details of your IT infrastructure, like routine maintenance and software updates.
Is your practice’s technology HIPAA compliant? If not, you’re subject to a fine and corrective action by the OCR. For matters as serious as HIPAA compliance, it’s better to be safe than sorry. Call XFER at 734-927-6666 / 800-438-9337 for a complete evaluation of your healthcare organization’s IT network so that you can worry about what really matters, the health of your patients.