Today's Practice: Changing the Business of Medicine National Edition Q1 2018 | Page 28

TECHNOLOGY

Hungry, Hungry HIPAA... Data Protection: Best Practices

By David Mercy, IT Support LA

"First do no harm" is a concise summary of intent, although not the actual wording present in the Hippocratic Oath. Doctors in any medical field have TWO responsibilities in this respect to their patients. First: the physical well-being of the patient. Second: the well-being of their information.

Physicians are often more concerned with the treatment of their patients, and rightly so; however, HIPAA regulations and fines should also be taken quite seriously. Violations often happen inadvertently, but they can still place a great burden on your practice. A patient will seek a second opinion immediately if their faith in their physician's medical abilities becomes suspect, but what about the theft of their personal information? Breach of that trust can also lose a patient and incur negative 'word of mouth', affecting your practice and your standing in the community.

Since the passage of the HITECH Act in 2009, the network of government offices concerned with Health Information Technology has been given the authority to establish programs presiding over a number of areas to improve health care, and the main enforcement arm of this body is HIPAA, which has been expanded and given more teeth with which to punish violators every year since. On 27 July 2016, the Health and Human Services' Office for Civil Rights (OCR) greatly stepped up its auditing program. As government agencies do, once they start levying fines and generating payments, they smell money. Just make sure that lovely green fragrance isn't coming out of your medical offices.

Watch out for this side note: if you are sent an email by the OCR concerning an audit, it should come from '[email protected]'. Check the address carefully: if it has an extra dash and 'us' at the end, as in '[email protected]', it is a phishing scam encouraging you to click a malicious link (do not click).
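The sender check described in the side note can be made mechanical rather than left to the eye. The following Python is an added example, not code from the article or from IT Support LA; the genuine OCR address is redacted on the page, so EXPECTED_SENDER is a placeholder you would replace with the address the agency publishes. It normalizes the From: header and flags a domain that is the expected one with extra characters tacked on (the "extra dash and 'us'" pattern the note warns about), which is exactly the case an exact-match check alone would miss if a staff member only glances at the name.

```python
"""Triage audit-notification email by sender domain.

Added example (constructed). EXPECTED_SENDER is a hypothetical placeholder;
substitute the address the agency actually publishes for audit correspondence.
"""
from email.utils import parseaddr

# Placeholder, NOT the real OCR address (which is redacted in the article).
EXPECTED_SENDER = "audit@agency.example"


def normalize(header_value):
    """Return the bare, lower-cased address from a From: header value such as
    'OCR Audit <Audit@Agency.Example>'. Returns '' when no address is present."""
    _display_name, addr = parseaddr(header_value or "")
    return addr.strip().lower()


def classify_sender(header_value, expected=EXPECTED_SENDER):
    """Classify a From: header as 'expected', 'lookalike' or 'unknown'.

    'lookalike' covers domains that start with the expected domain (or its
    first label) and then continue with extra characters, e.g.
    'agency-us.example' or 'agency.example-us' for 'agency.example'.
    Anything else that is not an exact match is 'unknown' and still deserves
    a phone call to the agency before any link is clicked.
    """
    addr = normalize(header_value)
    if "@" not in addr:
        return "unknown"
    local, _, domain = addr.rpartition("@")
    exp_local, _, exp_domain = expected.lower().rpartition("@")

    if domain == exp_domain:
        # Right domain; only the published mailbox counts as expected.
        return "expected" if local == exp_local else "unknown"

    # 'agency.example-us' or 'agency.example.attacker.test'
    if domain.startswith(exp_domain):
        return "lookalike"

    # 'agency-us.example' or 'agencyus.example': first label padded out.
    exp_label = exp_domain.split(".")[0]
    if domain.startswith(exp_label) and domain[len(exp_label):len(exp_label) + 1] not in ("", "."):
        return "lookalike"

    return "unknown"


def triage(from_headers, expected=EXPECTED_SENDER):
    """Return (header, verdict) pairs for every header that is not 'expected',
    so a mailbox owner can review the suspicious ones in one list."""
    results = []
    for header in from_headers:
        verdict = classify_sender(header, expected)
        if verdict != "expected":
            results.append((header, verdict))
    return results


if __name__ == "__main__":
    # Constructed sample headers, not real mail.
    sample = [
        "OCR Audit <Audit@Agency.Example>",
        "OCR Audit <audit@agency-us.example>",
        "audit@agency.example-us",
        "billing@other.example",
    ]
    for header, verdict in triage(sample):
        print(f"{verdict:9s} {header}")
```

The check is deliberately strict in the other direction too: a correct domain with an unexpected mailbox name is reported as 'unknown' rather than trusted, because the article's advice is that audit mail comes from one specific address.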
"I'VE GOT INSURANCE" ... BUT: ARE YOU COVERED FOR HIPAA FINES?

Maybe, maybe not: read the wording on your Cyber Liability or Data Breach Insurance policy carefully. You may be covered for some HIPAA fines, but not all, and although you may have $1,000,000 in coverage, there is often a 'sublimit', like a deductible, which could be $200,000, and for which you may still be responsible. With many HIPAA fines being in the neighborhood of $50,000, that's a hit directly on your own pocketbook.