HIPAA Enforcement – Breaches and Random Audits
Odds of having a HIPAA audit by OCR (Office for Civil Rights) in 2014 or 2015:
The good news is OCR announced in February that they will be conducting only 1200 HIPAA audits in 2014 which is really nothing when there are 700,000 Covered Entities out there. In which case, everyone should stop worrying about audit and go about running a practice as usual, right?
Well, if fear of audit is the only thing that concerns you then the answer is yes.
The problem is that the chances of Data Breach is extremely high due to poorly managed networks at most Medical facilities which eventually results in investigations and fines. Did you know that in 2012 and 2013 there were almost 24,000 complaints filed with the Office for Civil Rights? Compare that 24000 with 115 audits done in that same time span and you can easily see that having a HIPAA audit should be the least of your worries.
We face a disastrous outcome WITHOUT the added securities at our Airports, and everyone has come to accept and agree with that ever since the unfortunate events of 9/11. Well, in a similar way, disaster in the form of Data Breach could easily strike WITHOUT the required Information security systems and personnel to keep the identity thieves out of our networks. None of us wants to have to deal with PUBLIC admission process of notifying all patients of a breach or paying hefty fines.
How would a practice monitor and maintain a constant level of security you ask?
Since it is practically not economical to have a computer technician assigned to each one of your computers to monitor its health and security 24 hours a day seven days a week (even at 10.00/hour the figure would be 72,000.00/month to maintain 10 computers, and yes it is crazy).
Well, as they say: “necessity is the mother of invention!!!”
A few years ago some genius software developers came up with the idea of creating smart programs capable of performing all the tasks normally done by a computer technician, plus keeping an eye on signs of trouble in order to send alerts. Then started licensing their virtual technicians to professional IT firms in large quantities (volume pricing). These automated virtual technicians don’t sleep, don’t take lunch breaks, bathroom breaks, cigarette breaks, aren’t limited to two hands, don’t have attitudes, and don’t huddle around water cooler). They are focused on the task of brushing and flossing your computer’s teeth and actively monitoring your Antivirus plus Anti Malware software to avoid bacteria growth, painful root canal, and worst of all an extraction. They will report all critical issues to the IT professional firm in charge of your systems to be looked into and taken care of.
The best part is they are VERY economical when licensed in large numbers so a professional IT firm with credentials in Health Care IT should be able to maintain a fairly secure environment, and keep your computers from breaking down without charging you an arm and a leg. Imagine getting all the benefits above plus unlimited help desk and problem resolutions for a fixed monthly fee equivalent to LESS THAN what you would pay a front office or back office staffer!
There, you can relax now. No need to figure out how to come up with 72 grand a month. You can go back to practicing medicine again.