The Health Insurance Portability and Accountability Act (HIPAA) applies to organizations in the healthcare industry, specifically covered entities (health plans, healthcare clearinghouses and healthcare providers) and the business associates that handle data on their behalf. It governs patient data that must be kept confidential.
Gone are the days of locking paper charts in a file cabinet: most medical records are now stored online so that they can be accessed from anywhere, at any time, by any authorized medical professional. The threat of those records being obtained by unauthorized people has grown along with that convenience.
ProStratus has a team of compliance experts who will help ensure that your organization's patient data is safe and that all of the legal requirements of HIPAA compliance are met. This typically includes both technical controls for data security and procedural reviews to verify that employee behavior is also in line with data safety and confidentiality.
Why do I need HIPAA compliance?
If your organization creates, receives, stores or transmits any Protected Health Information (PHI), you must address the controls that HIPAA requires.
Compliance of this nature also helps to secure your network environment. It is more than checking a box: it is about making sure that your environment is prepared to defend against threats such as ransomware (including file-encrypting cryptolockers) and data compromise.
How do I achieve HIPAA compliance?
There are a number of technical and procedural elements to compliance. ProStratus will help your organization by performing an initial assessment of the current environment. With that information, we will develop a remediation plan that addresses every gap or deficiency found, paying special attention to high-priority items that present the greatest security risk. We will then work through that plan with you as a list of action items to further secure your environment.
Once the assessment is done and the action items are completed, we will perform a follow-up assessment to confirm that every element of compliance passes.
We see ourselves as partners in this venture and we will offer our assistance and expert guidance to bring you to a HIPAA compliant posture.
What happens if I am not compliant?
The penalties for non-compliance with HIPAA can be severe. Because it is a federal law, they include civil monetary penalties, criminal prosecution and, in extreme cases, imprisonment.
Civil fines can be imposed for violations whether they are knowing or the result of negligence. The original 1996 statute set them at up to $100 per violation, capped at $25,000 per year for violations of the same requirement; the HITECH Act of 2009 replaced that with a tiered structure that raises the per-violation amount to between $100 and $50,000 and the annual cap to $1.5 million per provision (both figures are adjusted for inflation). If multiple controls are violated, this adds up very quickly.
Civil penalties are tiered by culpability: whether the organization knew or, with reasonable diligence, should have known of the violation, whether there was reasonable cause, and, in cases of willful neglect, whether the violation was corrected within 30 days. Within those tiers the fines range from $100 to $50,000 per violation.
Criminal violations of HIPAA center on the wrongful obtaining or disclosure of PHI. More severe punishment applies to individuals who act under false pretenses, and more severe still to those who act with intent to sell the information or to use it for commercial advantage, personal gain or malicious harm. Fines for these three levels range up to $50,000, $100,000 and $250,000 respectively, with prison sentences of up to 1, 5 and 10 years.