It can be easy to assume that the Department of Health and Human Services Office for Civil Rights (OCR) is only really concerned with the “big fish” in HIPAA compliance. Investigations can take years, so why would they worry about smaller healthcare organizations like yours and your potentially minor data breach, when they can focus on major ones?
Case in point – America’s second-largest health insurer, Anthem, was hit with a record-breaking $16 million fine for exposing the medical data of more than 79 million Americans. With cases like that to consider, why would the OCR care about you?
Unfortunately, this thinking isn’t exactly realistic…
The OCR is just as willing to investigate your minor data breach as they are major ones like Anthem’s. Fresenius Medical Center was handed a $3.5 million fine after five data breaches, each of which affected fewer than 300 patients.
Similarly, you can’t assume that you’re safe from cybercriminals either. Smaller organizations in the healthcare community aren’t flying under the radar. You’re in just as much danger as larger medical practices, or perhaps, even more so, if you don’t have the right cybersecurity measures in place.
For example, a Wyoming community health system with no more than 90 beds was hit by ransomware late last year. In the aftermath, they had to cancel appointments and suspend services, severely affecting their patients and their ability to operate.
Nearly half of all reported data breaches in 2019 affected small businesses, mainly because they’re incredibly easy targets. The fact is that most cybercriminals aren’t spending all that much time or effort on any one attack – they’re just sending phishing emails, setting up malware traps, and relying on other largely passive and automated tactics.
That’s why you need to understand your level of risk of a data breach and a HIPAA fine…
If you want to avoid the same noncompliance fines as Fresenius, make sure your HIPAA risk assessment includes:
Need a hand assessing your HIPAA compliance? Don’t worry, it’s OK to ask for help when the stakes are this big. You can partner with On Time Tech to have your compliance practices double-checked and supported by the right technology.
My philosophy when starting OTT was that I wanted to create a place that I would want to work at (fun and friendly), where there was no corporate politics and we could just do our job fixing things and helping people. We can help people with their technology and not be arrogant or condescending to them. We can actually make a difference in people’s lives, and not just say it but do it.