by Ron Benvenisti. This post is going to be short, but not sweet. In fact, some of it will come as bitter medicine.
Not only for the patients who were affected, but also for the many healthcare practices and providers that are not careful enough about safeguarding electronic Protected Health Information (ePHI).
The following data come from the U.S. Department of Health and Human Services Office for Civil Rights (OCR). Each of these NY and NJ practices is under investigation by OCR for a breach under the Health Insurance Portability and Accountability Act (HIPAA).
- Check the practices and providers on this list to see if you are an insured or patient.
- If they have not contacted you directly by mail, contact them to see if your information has been compromised.
- If you are a practice or provider, take note of the variety of entity types that have been compromised: from single practitioners to large hospital corporations and everything in between.
- Notice that for most of these entities the "Business Associate Present" column says no. Under HIPAA, a Business Associate is any outside party (IT provider, billing service, cloud host, compliance consultant) that creates, receives, maintains or transmits PHI on your behalf, and it must be bound by a Business Associate Agreement (BAA). Those vendors, together with OCR, CMS, ONC, the other federal and state agencies with oversight and enforcement authority, and your insurers, are the parties you will be answering to after a breach. Even healthcare insurance companies need to carry cyber-insurance. An outside compliance partner can make sure your policies are actually implemented and that every item is compliant, but it does not take the liability off you.
- If you do not have such a partner, get one, and put a BAA in place with every vendor that touches PHI. The exposure in fines, business interruption, lawsuits and reputational damage is huge.
- Make sure your IT staff and your third-party suppliers and service providers are HIPAA compliant. Ultimately it is your responsibility. Your door is the one that gets knocked on.
Patients, check the list and make sure your information has not been breached. Providers, engage a compliance partner and review your third-party contracts with a lawyer and a security analyst. Use an independent, objective security analyst to confirm that your policies match your actual processes and procedures, and that they account for every connected person and device in your business chain, inside or outside your walls, from cell phones to infusion pumps, including your medical equipment and drug suppliers.