Every year millions of doctors around the country submit Security Risk Assessments to their EMR vendor in order to be considered “HIPAA compliant”. Are they really compliant, though? Have all of these private practices really taken every possible step to ensure that they are fully HIPAA compliant, and if they were ever to experience a breach of HIPAA-protected information, would they be fully protected from fines adding up to millions of dollars?
Zekteck performs an assessment alongside private practice owners, managers, and staff in order to find the gaps that exist between their current status of HIPAA compliance and what qualifies as being fully HIPAA compliant.
Part of HIPAA compliance is completing an annual security risk assessment. This is often accomplished by completing the SRA tool provided by HHS. How accurately is it being filled out, though?
Here are examples of medical practices that were providing an annual risk assessment to their EMR vendor and still incurred thousands or even millions of dollars in fines:
A private dental practice is fined a REDUCED FEE of $10,000 for disclosing PHI on social media. This could be prevented by training employees on security practices every year. See the press release here.
An allergy practice was fined $125,000 for disclosing patient information to a reporter. See the press release here.
A hospital is fined $111,400 for not removing a terminated employee's access. Access management is a crucial part of remaining HIPAA compliant. See the press release here.
Center for Children’s Digestive Health is fined $31,000 for not having a Business Associate Agreement in place. See the press release here.
The above cases only represent the fines for smaller practices. Larger organizations are often fined millions of dollars; one of the biggest fines was associated with the Anthem breach, at $16 million.
These cases also only represent the fine owed to the Office for Civil Rights and HHS. They do not account for the cost of the corrective action that is mandated in order to stay in business, which could range anywhere from $10,000 a year to a few million dollars a year.