There has been a lot of inspiring news about Olympic records this month, but one record was set recently without such a happy ending.
We were saddened to read that a new record was set for the largest HIPAA fine paid by an individual entity.
Advocate Health Care was part of a $5.55 million settlement with the Office of Human Rights (OCR), which is the Federal agency responsible for the enforcement of HIPAA.
Advocate Health Care has been a leader, growing as an integrated health care system since 1995 -- about the same time as ClickCare was starting. In 2014, they developed a respected and widely used patient portal. They also developed an eICU program with the Arizona Telemedicine Program.
Three self-reported HIPAA breaches between August 23 and November 1, 2013 -- a mere 9 weeks -- prompted the investigation.
The OCR announcement highlights the intent of this new $5.55 million record fine:
“We hope this settlement sends a strong message to covered entities that they must engage in a comprehensive risk analysis and risk management to ensure that individuals’ ePHI is secure,” said OCR Director Jocelyn Samuels. “This includes implementing physical, technical, and administrative security measures sufficient to reduce the risks to ePHI in all physical locations and on all portable devices to a reasonable and appropriate level.”
The previous HIPAA fine record was $4.8 million -- and here are the top 10 HIPAA fines before Advocate Health Care's.
We get saddened and frustrated when we hear news of these fines, because we know that the fine money could be spent on innovation, helping patients, and improving care.
And we know that most HIPAA fines and breaches are completely avoidable.
For instance, a stolen, institution-provided iPhone resulted in even a well-meaning charity being fined this summer. Catholic Health Care Services of the Archdiocese of Philadelphia was fined $650,000 because the ePHI of 412 nursing home residents was compromised.
The truth is that iPhones can be safe for ePHI if the correct software is used. Photos of patients should never be saved on your phone's camera roll, but that doesn't mean you can't use your iPhone to securely take and share patient photos.
The bottom line? Take HIPAA seriously. But don't do it by isolating yourself or giving up on care coordination or medical collaboration. Stay HIPAA compliant even as you do the things you went into medicine to do -- it doesn't have to mean a fine.