Small and medium businesses will find themselves faced with several adverse repercussions for noncompliance with HIPAA rules. Businesses that have never been confronted with HIPAA concerns before are now discovering that the guidelines are not limited to “Covered Entities” such as doctors, dentists, hospitals, clinics, pharmacies, insurance companies, and labs, but encompass any business, i.e. legal firms and accountants, that may perform certain functions or activities involving the use or disclosure of protected health information (PHI) on behalf of a Covered Entity. PHI includes medical history, lab results, insurance information, social security numbers, records, and various other types of personal data. In order to remain HIPAA compliant, Covered Entities must have Business Associate Agreements with any third party contractors that have been given access to PHI. If a vendor qualifies as a “Business Associate” but fails to comply with HIPAA regulations, they will meet serious penalties, for example a fine of $1.5 million.
Not only do these business associates need to comply with HIPAA, they must require their own subcontractors that have been given access to PHI do the same. For instance, law firms are required to review their contracts with cloud service providers, expert witnesses and others to ensure those organizations are HIPAA compliant. The chain of liability extends infinitely.
HIPAA compliance is the topic of numerous conversations since several healthcare data breaches have occurred as a result of stolen devices, unauthorized access, miscellaneous errors, or hacking. According to the Office of Civil Rights (OCR), there were over 253 healthcare breaches which totaled more than 112 million records in 2015.
Such regulations are extremely complex. Firms that handle PHI should consider turning to partners who not only have a thorough understanding of the risks but have the resources to ensure all protocols are being met. This is particularly true for smaller firms that may lack some of the on-staff compliance specialists that larger firms retain.
By working with PalmTech, a trusted and experienced partner, businesses can avoid cyber-risks while improving their peace of mind, allowing them to focus on their client needs. Contact PalmTech at (561) 969-1616 or [email protected] before June 10th, 2016 to schedule a HIPAA Evaluation FREE for your
Remember - ignorance is no excuse. As of December of 2015, only 14% of legal firms were in compliance. Doing nothing is not an option. Florida Bar Ethics Rules REQUIRE HIPAA compliance for personal injury, elder law, medical malpractice, and any other practice that accesses sensitive information/protected health information. Call us today for assistance.