Regardless of your feelings and politics, the die has been cast by this week's elections. The Affordable Health Care Act (Obamacare) will go fully into effect come 2014. We have all heard both sides of the argument on how good or how bad this will be for business financially, but how much have you planned for the potential expense coming your way in fines and other penalties for not securing your data?
For those not in the health-care industry, read on: this will eventually come to pass for any company that holds data on its customers.
Unlike a regulation that states you must have seat belts for every person on board an airliner, HIPAA/HITECH is full of "guidelines" which are vague at best. For example, HIPAA/HITECH states that you must destroy old documents that contain PHI (Protected Health Information). That's it, just "destroyed." So what happens if you shred with a strip shredder and someone goes through the trash and pieces a Social Security number back together?
Technically you "destroyed" the document, but will the plaintiff's attorneys see it that way, or will you be writing a six-figure check to the feds and another to the patient?
Now you should be asking, "How does my business mitigate the risk of a breach, and how do we prepare for an audit or for the loss of PHI or customer information?" The clear answer is a team approach: a security-aware IT support provider, your attorney, and the management team of the practice or business. Together they ensure that proper measures are put in place now, because the evidence those measures produce (the policies, the records, the controls) is what will make or break your case in the event of an audit, breach, or trial.
DUE DILIGENCE and INDUSTRY BEST PRACTICES. These should be the focus of your security policy, procedures, and plan. In most cases Due Diligence and Industry Best Practices overlap in a major way. Take password policy as another scenario; this applies to any business that might find itself on the receiving end of litigation should its client information become public.
If you have a breach and/or are audited, and it is found that you have not implemented strong passwords and the related policies that other firms in your industry have, then things are likely to go very badly for you!
So what's the take-away? Have an IT service provider that is security savvy, and an attorney who understands the potential for litigation from lost data and data breaches! If your IT support company thinks HIPPA is Prince William's sister-in-law and your lawyer keeps his password taped to his monitor, you might be in trouble!