The healthcare industry is incurring a higher rate of data breaches than any other industry.

This makes HIPAA compliance critically important to doctors and healthcare organizations of every size. Patients rightfully expect it as protection for their personal information, and failing to comply can result in a HIPAA violation that is devastating to a business. Beyond being an essential step in protecting patients, knowing how to keep data safe is simply good business practice.

Some small clinics may assume that, with larger organizations to keep an eye on, regulators would never investigate them. They may be surprised by just how many investigations are initiated by a single patient complaint.

What is HIPAA Law?

HIPAA is the Health Insurance Portability and Accountability Act. It has five major rules, covering: privacy, security, transactions and code sets (TCS), unique identifiers, and enforcement (strengthened in 2009 by the Health Information Technology for Economic and Clinical Health, or HITECH, Act).

The act was created to establish a national standard for how medical professionals must protect individuals’ medical records and other personal health information. Patients now have much more control over their health information, and boundaries have been set on the use and release of their health records. HIPAA violations are investigated by the Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS).

How Do HIPAA Violations Occur?

Many people are surprised when we tell them that the single biggest threat comes from inside the healthcare organization. According to McAfee, insiders (including doctors and other healthcare professionals) are responsible for 43 percent of data breaches. The Information Security Forum puts that number at 54 percent.

These are not usually actions with malicious intent. Human error plays a significant role in data breaches. Here are two HIPAA violations that are easy to commit:

  • Lost or Stolen Devices – Laptops and mobile phones are easily lost or stolen. When the lost device holds unencrypted Protected Health Information (PHI), the loss is a reportable breach. (Under the HIPAA Breach Notification Rule, PHI encrypted in line with HHS guidance is considered secured, so the loss of a properly encrypted and locked device generally is not.)
  • Texting Patient Information – Standard SMS text messaging is neither encrypted end to end nor access-controlled, so PHI sent this way is too easy for cybercriminals, or whoever finds a lost phone, to read.

More examples of human error resulting in data breaches include improper disposal of records, sharing photos of patients on social media, and accessing patient information on home computers or public Wi-Fi networks.

Who Does a HIPAA Violation Affect?

When a HIPAA violation occurs, it is damaging to the doctor and the patient alike. Attackers specifically target healthcare providers to obtain medical records, financial records, and intellectual property. This does not just threaten the patient’s privacy: on average, medical identity theft victims pay $13,500 to resolve the issue.

When a violation is reported and action is taken against the doctor or clinic, there is usually a significant fine. Civil fines are adjusted based on the severity of the violation and range from $100 per violation up to $1.5 million per year. Knowing misuse of PHI can also be prosecuted criminally by the Department of Justice, with penalties that include prison time.

Besides the fines, doctors can also be impacted by potential lawsuits, disruption of care, damage to their reputation, and loss of patients’ trust.

HIPAA Violation Fines

The fines that doctors or clinics can receive for violating the regulations are significant and can be highly destructive to their business. To determine the fine, the Department of Health and Human Services has created four tiers of severity.

  • Tier 1 – The least severe violation. In this tier, the violation was unknown and would not have been known even while exercising reasonable due diligence. These violations are often covered by cyber insurance. Cyber insurance is important to have because it is usually excluded from professional liability insurance policies. Fines range from $100 to $50,000 per violation.
  • Tier 2 – In this tier, the violation had a reasonable cause but was not due to willful neglect. Negligence due to “sticking your head in the sand” automatically raises the violation to Tier 2. Fines range from $1,000 to $50,000 per violation.
  • Tier 3 – The violation was due to willful neglect, but it was corrected within a reasonable time period. Fines in this category range from $10,000 to $50,000 per violation.
  • Tier 4 – The most severe violations are in Tier 4. This is when the violation was due to willful neglect and no attempt was made to correct it. Fines in this tier start at $50,000 per violation and are capped at $1.5 million per year for violations of the same provision; cases involving knowing misuse of PHI can additionally be referred for criminal prosecution, where a prison sentence is possible.

Becoming HIPAA Compliant as a Small or Medium-Sized Healthcare Organization

It is important for small and medium-sized organizations to understand that they will never reach a perfect state of 100% compliance; it would simply be cost prohibitive. What we recommend is finding the biggest risks and solving those first. From there, we advocate building a clinic culture of compliance and ongoing education.

This involves doing a full assessment, creating processes and procedures, educating employees and management, and using security applications and technology.

How We Cover HIPAA Compliance

When we start working with a doctor or clinic, the first step is a comprehensive HIPAA security review. This determines their current state of compliance and identifies any specific violations they may already have had. We tie each HIPAA rule to an assessment question, then rank the likelihood, impact, and resulting risk of not complying with that rule.

Some of the questions we may ask our HIPAA compliance clients are:

  • Does your organization control access to electronic PHI (ePHI) and other health information by encrypting it, so that unauthorized users cannot read it even if they obtain the device or file?
  • Do employees ever leave an unlocked computer alone in a room with an unauthorized employee or a patient?
  • Can employees recognize the signs of a potential ransomware infection? If so, do they know what to do next?
  • Do employees know how to use their phones and computers in a HIPAA-compliant manner on public or hotel Wi-Fi?

Benefits of HIPAA Compliance Assessment

For each rule, we share with our client solutions for ensuring compliance, including improvements to their processes, procedures, education, and technology. This helps a clinic make more informed decisions about where to focus its remediation efforts and resources.

For example, the two HIPAA violations mentioned above both have quick fixes. We would require a passcode or password and enable full-disk (or device) encryption on phones and laptops, so that a lost device does not expose PHI. Then we would replace standard SMS with an encrypted, HIPAA-compliant messaging application so that PHI can be communicated safely.
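As an added check for the device-encryption fix above (example code written for this page, not Guardian Computer’s own tooling), here is a PowerShell audit of BitLocker status on a Windows laptop, with an optional remediation step. It assumes Windows 10/11 Pro or Enterprise with a TPM, the built-in BitLocker module, and an elevated session; the function names are hypothetical.

```powershell
# Added example (not Guardian Computer's tooling): audit and, on request, remediate
# BitLocker full-disk encryption on a Windows laptop used with PHI.
# Assumes Windows 10/11 Pro or Enterprise (BitLocker module present), a TPM, and an
# elevated PowerShell session. Function names are hypothetical.

function Get-PhiDriveEncryptionReport {
    # One row per BitLocker-capable volume. Removable media is reported too,
    # since a USB stick full of PHI is just as easy to lose as a laptop.
    Get-BitLockerVolume | ForEach-Object {
        [PSCustomObject]@{
            Drive            = $_.MountPoint
            VolumeType       = $_.VolumeType
            VolumeStatus     = $_.VolumeStatus       # FullyEncrypted, FullyDecrypted, EncryptionInProgress, ...
            ProtectionStatus = $_.ProtectionStatus   # 'On' means the key protectors are actually enforced
            KeyProtectors    = ($_.KeyProtector.KeyProtectorType -join ', ')
            # "Encrypted" alone is not enough: protection must be On, encryption must be
            # finished, and a recovery password must exist so the clinic can recover the
            # disk after a TPM failure without weakening the protection.
            Compliant        = ($_.ProtectionStatus -eq 'On') -and
                               ($_.VolumeStatus -eq 'FullyEncrypted') -and
                               ($_.KeyProtector.KeyProtectorType -contains 'RecoveryPassword')
        }
    }
}

function Enable-PhiDriveEncryption {
    # Turn on BitLocker for one drive (default: the OS drive) with a TPM protector
    # plus a recovery password. -WhatIf previews the change before committing.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$MountPoint = $env:SystemDrive)

    if ($PSCmdlet.ShouldProcess($MountPoint, 'Enable BitLocker (XTS-AES-256, TPM + recovery password)')) {
        # Recovery password protector first: without it, a TPM failure or motherboard
        # replacement would lock the clinic out of its own data.
        Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
        Enable-BitLocker -MountPoint $MountPoint -EncryptionMethod XtsAes256 -TpmProtector -SkipHardwareTest
        # Escrow the recovery password somewhere the clinic controls (Active Directory,
        # Entra ID via BackupToAAD-BitLockerKeyProtector, or the MDM), never on the laptop itself.
    }
}

# Usage: list every drive that would turn a lost laptop into a reportable breach.
Get-PhiDriveEncryptionReport | Where-Object { -not $_.Compliant } | Format-Table -AutoSize
```

Run the report on every clinic machine (through a remote management tool or a scheduled task) and keep the output as evidence for the risk assessment. A drive showing EncryptionInProgress or ProtectionStatus Off is not yet protected, and a lost device in that state still has to be treated as a breach of unencrypted PHI.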

Going through an assessment like ours can lessen the penalties associated with a violation. OCR weighs whether a violation resulted from willful neglect, so having a documented risk assessment and a remediation plan in place generally helps keep a violation in Tier 1, the least severe.

How to Prevent a Violation

According to the Ponemon Institute’s Annual Study on Medical Identity Theft, 68% of patients are not confident in the measures taken to protect their medical records. It is important, for the patient and the clinic alike, that every staff member knows their role in HIPAA compliance.

With only 33 percent of healthcare providers believing they have sufficient resources to prevent a data breach, education is critical. We always advocate that our clients focus on education and training. Ensuring that office staff understand their role in HIPAA compliance is a critical part of protecting patients’ medical records. It takes a commitment to make internal training a priority and to keep educating staff on the proper processes and procedures.

Since we are considered a business associate of our healthcare clients, we are required to be HIPAA compliant as well. We practice what we preach with ongoing HIPAA training and by reviewing and updating our own processes and procedures. To keep your business safe too, you must have plans set in advance.

The Five Security Tests We Use In HIPAA Compliance Audits

We always perform five tests when helping clients become HIPAA compliant. Learn more about these necessary tests!

Staying HIPAA compliant is a critical move that all doctors and clinics need to make. It keeps your patients’ information safe and keeps your business safe from hefty fines. These regulations are also good business practice, ensuring every staff member is on the same page and takes their position seriously.

Interested in your company’s HIPAA compliance? Let’s chat.

You spend the majority of your week at work, which is why we believe it is so important to be in a positive work environment.

Environment and organizational culture are crucial to employee satisfaction, and a poor one can have detrimental effects on the workplace no matter what industry you are in. Here at Guardian Computer, we pride ourselves on maintaining a healthy work environment and culture.

A positive organizational culture is critical to success!

Why Is Organizational Culture Important?

A work environment is the place where employees complete their tasks, together with the benefits of working at a company. The culture is the personality of the company itself.

The main reasons we believe work culture is so important are:

  • Maintaining retention and reducing employee turnover.
  • Encouraging happier employees, which results in positive client relationships.
  • Showing appreciation to employees, which demonstrates that their work is not done in vain.
  • Open communication and transparency, which build trust with the staff.

For example, Southwest is one of our key role models for the ideal company culture. They value their employees above all else and ensure they work in a fun and casual environment. They also commit themselves to providing excellent salaries and benefits, along with empowering and appreciating their employees.

Maintaining Retention

In a negative work environment, employee turnover rates can be high. But it is not always because employees dislike the job they are doing. Usually, it is because they do not enjoy the work environment or organizational culture they are in.

Having unhappy employees on your hands isn’t great, and a high employee turnover rate is bad for business! There are costs when an employee leaves, costs of hiring new employees, and the cost of training those new hires.

We are proud to say that in over 20 years of business, not a single employee has quit Guardian Computer. We don’t believe in the old mantra of “leave your problems at home”. Our office is our employees’ home away from home. Coming to work in pajamas, bringing the children, and even bringing a puppy to the office are all a-okay!

Encouraging Happy Employees

Happy employees take great pride in their company. When our employees come to work, we want them to arrive feeling good about themselves and their families. Work should be a place where employees feel safe and comfortable rather than stressed or upset. No one wants to miss their child’s afternoon soccer game or be unable to take an elderly parent to a doctor’s appointment.

“We started Guardian Computer in our home because we were having trouble with daycare and balancing our work and family life. That set the tone for our company culture of making our employees’ personal lives a priority,” says our president, Jean Prejean. Employees can concentrate better at the office when they know their family comes first.

We firmly believe that if we take care of our employees, they’ll take care of our clients. Our clients are a part of our work family too, so we strive to have our organizational culture spill over into our interactions with them! We can make the client experience more pleasant with a simple explanation in plain English and a brief chat about our client’s kids. That makes a big difference.

Showing Appreciation

Recognition and appreciation motivate employees and show them that their work is valued. According to Glassdoor, more than 80 percent of employees say they are motivated to work harder when their boss shows appreciation for their work.

Some ways to show appreciation and recognition are bonuses, raises, and promotions. Our employees appreciate knowing that everyone receives an annual raise due to their personal work performance and the company’s performance. “We never want anyone to think we haven’t noticed their performance or haven’t bothered to review their pay,” says Jean.

Building Trust

Honesty, sincerity, and transparency are the key elements to building trust within your work environment. From celebrating accomplishments to providing support during rough times, we make sure to show our employees our sincerity and commitment to them. It can be something as simple as giving someone the afternoon off if their child kept them up all night or giving a gift card for someone to take their spouse to dinner on their anniversary.

We go out of our way to be as transparent as possible. Open and honest communication helps to resolve many difficulties in a positive light. For example, every six months at our team meeting we review the financials, the trends, and our goals, so our employees know what is going on within the company. Open communication also encourages employee feedback, which is important because it provides valuable information that in turn helps make the company better.

Some companies let their organizational culture define itself and it takes a backseat to balance sheets and productivity metrics. At Guardian Computer, we intentionally put our company culture and a positive work environment at the top of our priority list. We are constantly looking for ways to improve the quality of life of our people, both in and out of the office.

Want to join our work family – as an employee or a client? Let’s chat.