HIPAA Violation Horrors
HIPAA compliance is hard work! It requires storing your physical and digital files securely, having a designated person responsible for HIPAA compliance in your office, and doing your due diligence to make sure that personal files are not easily accessible by anyone in your office. If you’re not compliant, however, the cost could be your company’s reputation, or worse.
Here are the most common consequences your business could face with improper document management.
The culprits: We’ve written about ways that you can reduce your risk of identity theft before. Improper disposal of paper documents, such as leaving them in the recycling bin or trash, puts your company at risk of identity theft and of committing a HIPAA violation.
The consequence: Every four seconds, an identity is stolen. According to Prime Compliance, the most commonly targeted records are “Billing and insurance records (49%), medical files (46%), payment details (22%), and prescriptions (18%).” Each HIPAA violation has a minimum penalty of $100, and can cost your business up to $50,000 per type of HIPAA violation.
Data Breach that Costs You
The culprits: Protecting your business from data leaks is important. In July, UCLA Health System revealed that hackers may have compromised the sensitive information of as many as 4.5 million patients. (That’s nearly equal to half the population of Los Angeles County!)
The consequence: Fines for data leaks are typically $50,000 per HIPAA violation, with an annual maximum of $1.5 million. So data breaches compromise the security of your patients, damage your reputation, and can cost your business hundreds of thousands of dollars.
Leaking Group Health Plan Information, Unknowingly
The culprits: As of 2014, HIPAA also imposes the same privacy obligations on any employer who provides group health insurance. As this change in legislation is recent, many companies are not aware of how this law affects their business. Oftentimes, it’s insiders who are doing the snooping. This HIPAA violation can happen when a co-worker looks at medical records without authorization, or when authorized personnel share private information with unauthorized co-workers.
The consequence: If employers violate employee privacy, the same fines that are applicable to having a data leak of your client information are applicable to leaking information about your employees. Additionally, fines can be imposed against individuals and the company that discloses the confidential information.
How to Avoid HIPAA Violations
Being aware of what you can do to prevent a HIPAA violation is the first step in protecting your company, and preventing the risks of data breaches in the future. Off-site records storage is the easiest way to ensure that you’re HIPAA compliant. With active records storage, you get the best of both worlds: you store your files successfully off-site, and your records management company delivers them to your site as you need them. You can reduce the amount of paper in your office, and reduce your risk of a paper data breach as well.
Damaging Your Good Reputation
The culprits: If your company is found guilty of a HIPAA violation, it is required by law that you disclose this information to all of your clients. When these stories are picked up by the news, they become viral, and the damage to your company’s reputation can become irreparable.
The consequence: When businesses receive bad publicity, this affects consumer confidence and can result in loss of revenue and of jobs. The truth about data breaches is that 88% of customers will cut off business with companies that have committed a breach of privacy, and 75% of your remaining customers will consider leaving.
Being Sued by a Patient
The culprits: Patients have the right under California law to access complete information about their medical condition and the care provided to them, on demand. If you do not promptly release information to your patients, this is considered a HIPAA violation.
The consequence: A patient can bring action against anyone who illegally denies them access to their own medical records. You and your company can then be charged and found guilty of a misdemeanor under California state law, and damages can be awarded to the patient. Corodata’s HIPAA compliant online records center allows you to grant patients access to their medical records online.