By Ross Pope, Chief Financial Officer at Prescribery
The Health Insurance Portability and Accountability Act (HIPAA) challenges organizations to handle patient and health care data with great care. HIPAA’s purpose is noble. The law is a bulwark against privacy violations. But compliance can be devilishly complicated and expensive. Let’s unpack 4 key difficulties related to: technical controls, telehealth and telemedicine, cybersecurity, and risk management.
- Faulty technical controls. Your organization needs to know not only who accesses your data but also what happens to that information. When unauthorized users breach your technical controls, sensitive information can be compromised or destroyed. Data transfer also needs to be closely monitored, or the security of the whole organization could be threatened.
- Telehealth and telemedicine mismanagement. Over the course of the COVID-19 pandemic, health care organizations have scrambled to create virtual options for patients—and build up infrastructure to support this work. This remote medicine has proven invaluable. But virtual processes can expose data in unexpected ways and thus create HIPAA compliance headaches. A secure, trusted platform, such as Prescribery, can prevent problems—for instance, when linking pharmaceutical manufacturers properly with potential patients.
- Cybersecurity breaches. Large-scale health care data breaches at major companies have affected nearly 100 million people. These lapses undermine consumer trust in the system. Organizations cannot shield themselves from every threat, all the time. However, they can create better processes, train employees to be more vigilant, and make use of platforms like Prescribery to reduce the likelihood of cybersecurity disasters and minimize their severity when they occur.
- Failure of IT risk analysts to identify and deal with HIPAA compliance issues. Large health care organizations must ceaselessly be on the lookout for possible vulnerabilities and stress test their teams and systems. Unfortunately, this process tends to be time and resource intensive, and many IT teams lack the bandwidth or training to shore up all the weak points.
As if losing patient trust weren’t reason enough to focus on HIPAA compliance, financial consequences can also be extremely severe. Penalties for failing to comply with HIPAA regulations may range from $100 to $50,000 per violation, depending on the level of negligence involved. In extreme cases, penalties may soar as high as $1.5 million per year. When willful neglect becomes a factor, HIPAA violations may even come with jail time.
The good news is that organizations are not helpless in the face of these threats. In addition to making sure telehealth and telemedicine platforms are HIPAA compliant and shoring up their technical controls, they should conduct risk assessments to make sure the in-house IT team doesn’t become overwhelmed and miss key details. Investing in IT infrastructure as well as activities like employee training can prevent cybersecurity issues compromising private data. With an active approach and the strategic use of platforms like Prescribery, organizations can protect themselves from HIPAA violations.