One HIPAA violation can kill your client’s business and yours
Stuart R. Crawford / Stuart Crawford
Don’t let a costly HIPAA violation damage or destroy your client’s healthcare organization. An article in Healthcare IT News reported that the Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates Inc. (MEEI) will have to pay $1.5 million to the U.S. Department of Health and Human Services (HHS) for “potential violations of the HIPAA Security Rule.”
A data breach in February 2010 led to an investigation, conducted by the Office for Civil Rights (OCR), which revealed that “an unencrypted personal laptop containing the electronic protected health information (ePHI) of MEEI patients and research subjects was reported stolen. The laptop contained ePHI – including patient prescriptions and clinical information – of some 3,621 individuals.”
Managed IT services providers (MSPs) that specialize in supporting and advising healthcare organizations must keep HIPAA and other healthcare regulations in mind. No organization, regardless of its size, wants to pay $1.5 million to HHS because it failed, or was in danger of failing, to meet necessary HIPAA regulations.
When talking with clients and prospects, it’s always a good idea to review best practices and confirm that the organization has everything it needs to be compliant with HIPAA and other health regulations. It’s also important to make sure that all employees are doing their part to keep patient information safe and secure.
If an MSP has a client that has to pay a settlement to HHS for potentially violating the HIPAA Security Rule, how long is that MSP likely to be able to continue serving clients in the healthcare community?