According to a high-ranking attorney in the Department of Health and Human Services (HHS), penalties under the Health Insurance Portability and Accountability Act (HIPAA) are likely to increase substantially over the next year, continuing the increases that have already been seen. Since June 2013, HHS has received more than $10 million in alleged HIPAA violation fines.
HHS Chief Regional Civil Rights Counsel Jerome Meites made this prediction at an American Bar Association conference in Chicago. Though this was not an official statement of the HHS, Meites said that “Knowing what's in the pipeline, I suspect that that number will be low compared to what's coming up."
Meites believes that high-impact cases and high penalties may force the industry to improve its security practices.
The HHS recently rereleased its latest report on Breaches of Unsecured Protected Health Information, covering the calendar years 2011 and 2012. In this report, device theft is still the leading cause of information breaches in healthcare.
As you can see in the above graph, theft continues to account for the majority of data breaches. In 2011 and 2012 combined, over 3.8 million individuals were affected by data breaches related to the theft of electronic equipment and portable devices. The most common devices stolen are laptops, desktop computers and other portable electronic devices such as hard drives and USB drives. In most cases, devices are stolen from offices after-hours or from employee cars.
Despite the media attention that hacking gets, healthcare organizations still need to pay particular attention to device security given the prevalence of thefts. As the increase in HIPAA fines shows, it is important to pay attention to security protocols you had in place before the data breach ever occurs. With proper safeguards in place, you can comply with regulations such as HITECH / HIPAA, allowing you to safeguard data and avoid costly data breach notification costs and fines.
Learn more about our Healthcare solutions here.