In case you missed it: Part three of my series on HIPAA from Dentalcompare.
Actually there is a get out of jail free card that could save you: data encryption. Otherwise you are guilty. Even if there is no evidence that your data has actually been used or anyone has experienced any harm, you are guilty…
One of the penalties is your office will be listed on the Health and Human Services “Wall of Shame”.
This is a web page that lists every reported breach affecting 500 or more individuals. The site lists the following six types of breach:
- Theft – 50%
- Unauthorized Disclosure – 16%
- Loss – 12%
- Hacking – 8%
- Improper Disposal – 4%
- Unknown – 2%
The percentages are approximate, and some incidents have multiple breach types listed.
Theft accounts for half of the reported breaches. Commonly a laptop is stolen. In addition, servers are stolen from offices, and backup drives are stolen from the back seats of cars. Unauthorized disclosure usually involves individuals accessing files they shouldn’t. This could be an ex-wife looking up her ex-husband’s file or something similar. Larger disclosures involve the sending of information such as an EOB to the wrong people. Loss is self-explanatory. Improper disposal can be paper files left in a dumpster or digital records on a drive.
If practice data is lost, stolen or even misplaced, the HIPAA rules assume you are guilty of a data breach. The vast majority (approaching 100%) of these incidents do not result in harm to patients.
If you do not report a data loss, then you are guilty. If you do report it, you are guilty and will be required to jump through numerous and costly hoops. If you report the loss and do not have the paperwork in order, you will be guilty and will be fined.
I have developed a full course on HIPAA compliance that follows the series of articles in Dentalcompare. The compliance process is not easy. The ADA has created a guide to help, but even with the guide the process is daunting. Most dentists will need to consult with their IT provider to do the assessment and create the paperwork needed to comply. If you need some help, contact Pact-One.