HIPAA Privacy and Security Breach Enforcement: Does Anything Ever Happen??

Most of us have been in the health IT field for quite some time. Some of us have even been around long enough to have implemented the original HIPAA transactions and provisions back in 2003. One of the original provisions surrounded privacy and security. As electronic transactions become increasingly common in what we do in healthcare, additional measures must be taken to ensure that PHI (protected health information such as name, SSN, DOB, and other sensitive and identifiable information) is kept secure.

Is this all lip service?  Is anyone enforcing this?

The answer is no and then yes. No, it’s not just a bunch of words. Yes, the federal government is investigating potential breaches and, more importantly, levying fines to ensure this doesn’t happen again.

One lost thumb drive with patient PHI from a dermatology practice in New England? $150,000 fine. A leased photocopier with thousands of documents containing PHI from a New York payer? $1.2 million fine.

The magnitude of these judgments should make us all a little more aware the next time we are asked by our clients to undergo HIPAA Business Associate training.