Healthcare organizations and their business associates are entrusted with sensitive information, and they have a duty to keep all patient records safe from unauthorized access. To comply with the Health Insurance Portability and Accountability Act (HIPAA), hospitals, clinics, and their affiliates or vendors need to implement secure document storage methods, such as restricting access to documents on a need-to-know basis and creating and securing backup copies of electronic and physical records.
With the passing of the HIPAA Omnibus Rule in March 2013 and its subsequent enforcement in September 2013, greater accountability is expected of healthcare organizations and their business associates. Healthcare Info Security writer Marianne Kolbasuk McGee has this report:
“Too often, organizations view compliance with the HIPAA privacy and security rules as a burdensome expense, rather than a valuable investment, [CynergisTek vice president of privacy and security compliance services David] Holtzman says.
They need to keep in mind, for example, that under HIPAA Omnibus, non-compliance penalties range up to $1.5 million per HIPAA violation. Plus, they need to be aware that OCR has promised to ramp up its HIPAA compliance enforcement in 2014, including launching a permanent HIPAA compliance audit program and intensifying breach investigations in light of the HIPAA Omnibus Rule’s modified breach notification rule.
And under HIPAA Omnibus, not only are covered entities, such as hospitals, physicians and health plans, liable for HIPAA compliance; so too are their business associates. That includes cloud services providers and other technology services vendors who handle patients’ protected health information, as well as their subcontractors.”
To steer clear of such stiff penalties as well as the possibility of lawsuits, healthcare organizations would do well to choose their third-party document management providers with care. HIPAA-compliant document storage companies such as Spectrum Information Services offer the kind of controlled records storage, access, and retrieval services that companies need for optimum security.
(Article information and image from "Pressure to Protect Health Data Intensifies," Healthcare Info Security, 10 January 2014)