A $750,000 laptop
It sounds like a high-tech scandal: A data breach with 55,000 health records compromised, including names addresses, Social Security numbers, insurance information and clinical information.
And the fine sounds like it must be a massive operation: The Office of Civil Rights (OCR) levied a $750,000 fine on the organization responsible for the breach.
But the reality sounds much closer to the life most of us live. An employee laptop was swiped out of his car. The laptop was not encrypted. The company is called Cancer Care Group, a small business in Indianapolis with 13 oncologists and 24 total employees listed on LinkedIn.
The compliance issues facing healthcare practices are massive. HIPAA is not always at top of mind. But the fine was so steep because HIPAA was so widely disregarded.
According to the OCR release, Cancer Care Group was non-compliant with the HIPAA Security Rule before the breach even occurred. The practice failed to have a written policy in place regarding mobile and electronic devices which could have significantly reduced the chances of a breach occurring, according to Jocelyn Samuels, OCR Director.
Along with failing to have a written policy in place, Cancer Care Group did not administer a risk analysis after the breach occurred.
Do you have a written plan?
Have you executed that plan?
If the OCR called today, you’d only have 10 days to respond. If that call came today, would you be ready?
It’s not an unlikely scenario: HIPAA audits are on the rise. The Office of Civil Rights was granted a budget increase of 10% this year which gives them the ability to fund more audits. With only 10 days to respond to an audit, it is important to be prepared and have the proper policies and procedures in place.
Getting HIPAA compliant is a daunting task. ASMGi offers a quick way to get on track to HIPAA compliance. Our QuickStart package includes document and strategy templates to help you build a security plan that works and meets requirements.
We include customizable policies and procedures, a HIPAA Risk Assessment Tool, 4 consulting hours and more to put the right safeguards in place for your organization.
We’re here to help.