Although regulatory compliance requirements have shifted erratically across many industries over the past several decades, few sectors can compare with health care in the stringency and frequency of those adjustments. Medical organizations, as well as virtually any entity that handles health records and patient data, must comply with two important pieces of legislation.
One is the newer Health Information Technology for Economic and Clinical Health Act, which was passed in 2009 and is more in tune with the speed at which medical organizations deploy and use advanced solutions, equipment and IT techniques. The other, which is far more focused on patient privacy and data security, is the Health Insurance Portability and Accountability Act (HIPAA), which was originally passed in 1996 and has been amended more recently.
The high costs of noncompliance
Although data breaches in the retail sector have been hot news lately, health care providers have truly struggled to keep their patient information secure. According to the Identity Theft Resource Center, organizations in the health care sector have already been breached 161 times in 2014, leading to the exposure of nearly 1.5 million sensitive records.
To put this into perspective, the number of breaches in this industry is almost equal to the volume of incidents in the financial services, business and government sectors combined. Because of how dangerous medical identity theft can become, with consequences ranging from financial theft to patient history fraud – which can be life-threatening – the government continues to crack down on those who do not comply with the law.
As for the costs of violating HIPAA, the American Medical Association points out that the maximum penalty per violation is $50,000, while the maximum annual sum of fines is $1.5 million. Depending on what caused the breach, the price per incident can be as low as $100 and as high as $50,000.
Minimizing the threat of fines, sanctions and breach
Decision-makers in this sector should not forget that these fines are only a portion of the total cost when noncompliance leads to a data breach, which brings myriad direct and indirect financial damages.
Tech-II has recognized the increased vigilance and scrutiny of HIPAA audits, and now has two employees who have become Certified HIPAA Privacy Associates, better equipping the firm to meet clients’ technology needs. By leveraging the support and expertise of these professionals and the firm itself, businesses can minimize the risk of HIPAA violations, fines and other calamities proactively.