Am I HIPAA compliant?
This question ought to be foremost in the minds of medical providers, as the vast implications of HIPAA (or the Health Insurance Portability and Accountability Act) can affect pocketbooks and lives. As the field of medicine becomes more technologically entrenched, we need to focus more than ever on how to make Telehealth encounters HIPAA-compliant.
Consider, for instance, a nurse who uploads a photo to Snapchat at her open workstation. Could she face fines? Yes. An MD uses iMessage to send PHI to another provider. Is this a HIPAA violation? Yes.
How is compliance enforced?
In 2017, a wireless health services provider known as Cardionet paid $2.5 million in HIPAA fines. They reported to the Department of Health and Human Services a lost employee laptop in 2012. Per the HHS report: “OCR’s investigation into the impermissible disclosure revealed that CardioNet had an insufficient risk analysis and risk management processes in place at the time of the theft. Additionally, CardioNet’s policies and procedures implementing the standards of the HIPAA Security Rule were in draft form and had not been implemented. Further, the Pennsylvania –based organization was unable to produce any final policies or procedures regarding the implementation of safeguards for ePHI, including those for mobile devices).” Not knowing the rules does not mean you can violate them.
According to the American Medical Association, civil monetary penalties for HIPAA violations range from $100-1.5 million per year depending on the cause and intent, and whether or not corrections were made. Violators could also face imprisonment from 1-10 years depending on the type of offense. Although health insurance providers and health plans can dominate the media reporting of HIPAA violations (over 500 providers in 2017 paid over $19 million in fines), HIPAA violations can affect individuals, Medicare prescription drug card sponsors, and anyone who provides health care. According to the Compliancy Group, “Once you’ve had a HIPAA breach, the name of your practice is permanently listed on Breach Portal–including the offense, date, and number of individuals affected. “If you review the Department of Health and Human Services “Breach Portal,” you will note that violations related to email, laptop, server errors far outnumber the cases related to unauthorized access to paper files.
What are the chances that I’ll be fined?
Beyond the financial and legal implications, providers should strive to want to protect their patient’s protected health information. HIPAA violations breach patients’ trust and confidence in their providers. Especially now that we have such HIPAA compliant resources, it has never been easier to provide the telehealth services patients want while still maintaining compliance.
The importance of HIPAA compliance in Telehealth encounters cannot be understated. As the brick and mortar walls fade in medicine, we need to redouble efforts to remain HIPAA compliant to protect patients and avoid significant penalties.
Want to offer Telehealth services using the most reliable HIPAA videoconferencing platform? Sign up for our free 14 day trial to get started!