HIPAA Violation Horror Story Hour
HIPAA compliance is hardly a breeze. It requires storing your physical and digital files securely, having a designated person responsible for HIPAA compliance in your office, and doing your due diligence to make sure that personal files are not easily accessible by anyone in your office. If you’re not compliant, however, the cost isn’t just monetary—it could be your company’s reputation, too. Here are the most common HIPAA violation consequences your business could face with improper document management.
Stolen Identities
The culprits: We’ve written about ways that you can reduce your risk of identity theft before. Something as simple as the improper disposal of paper documents, such as leaving them in the recycling bin or trash, puts your company at risk of identity theft and of committing a HIPAA violation. A Dumpster diver cost an Illinois firm a $100,000 fine, for example.
The consequence: Every two seconds, an identity is stolen in America. Medical identity theft is on the rise: in 2014, there were 2.3 million identified cases of medical identity theft, a 22 percent increase from the previous year. Each violation has a minimum penalty of $100, and can cost your business up to $50,000 per type of violation.
Data Breach that Costs You
The culprits: Protecting your business from data leaks is important. More than 4.4 million health records were exposed in the third quarter of 2018, and though hacking is increasingly responsible, theft and unauthorized disclosures are still the biggest culprits for this kind of exposure.
The consequence: Fines for data leaks are typically $50,000 per HIPAA violation, with an annual maximum of $1.5 million. Data breaches compromise the security of your patients, damage your reputation, and can cost your business hundreds of thousands of dollars, if not more. Anthem, Inc. suffered the biggest health data breach in U.S. history in 2015, exposing the health information of nearly 79 million individuals—and paid a massive $16 million fine to the Office for Civil Rights in 2018.
Leaking Group Health Plan Information, Unknowingly
The culprits: In 2014, HIPAA also imposed the same privacy obligations on any employer who provides group health insurance. Though this was a number of years ago, companies may still be unaware of how this law affects their business. Often, it’s insiders who are snooping: a co-worker looks at medical records without authorization, or authorized personnel share private information with unauthorized co-workers.
The consequence: If employers violate employee privacy, the same fines that apply to a data leak of your client information apply to leaking information about your employees. Additionally, fines can be imposed against both the individuals and the company that discloses confidential information.
How to Avoid HIPAA Violations
Being aware of what you can do to prevent a violation is the first step in protecting your company and preventing data breaches in the future. Off-site records storage is the easiest way to ensure that you’re HIPAA compliant. With active records storage, you get the best of both worlds: you store your files securely off-site, and your records management company delivers them to your site as you need them. You can reduce the amount of paper in your office, and reduce your risk of a paper data breach as well.
Damaging Your Good Reputation
The culprits: If your company is found guilty of a HIPAA violation, you are required by law to disclose this information to all of your clients. When these stories are picked up by the news, they can go viral, and the damage to your company’s reputation can become irreparable.
The consequence: When businesses receive bad publicity, it affects consumer confidence and can result in loss of revenue and jobs. The truth about data breaches is that 88% of customers will cut off business with companies that have committed a breach of privacy, and 75% of your remaining customers will consider leaving.
Being Sued by a Patient
The culprits: Patients have the right under California law to access complete information about their medical condition and the care provided to them, on demand. If you do not promptly release information to your patients, this is considered a HIPAA violation.
The consequence: A patient can bring action against anyone who illegally denies them access to their own medical records. You and your company can then be charged and found guilty of a misdemeanor under California state law, and damages can be awarded to the patient. Corodata’s HIPAA compliant online records center allows you to grant patients access to their medical records online.