Health Care Providers: Make Sure You Avoid Falling Afoul Of The Law
As a health care provider, it is your legal duty to ensure what you do follows all relevant laws and procedures. You deal with a lot of sensitive patient data, and it’s important that data doesn’t go astray.
In the US, federal HIPAA privacy laws got set up to ensure patient data gets handled in a responsible and safe manner. If it isn’t, health care providers can face violation charges. And that means having to pay substantial fines and deal with potential litigation from patients!
But don’t just take my word for it; here is what American health care providers can expect if they fall afoul of the law:
- An individual didn’t know they broke HIPAA privacy laws. Fines start from $100 to $1.5 million depending on the severity of the problem and whether they are repeat offenders;
- A violation was due to reasonable cause (but not wilful neglect). Penalties start from $1,000 per violation. They can reach up to $1.5 million;
- A violation caused by wilful neglect but corrected in a specified time. Minimum penalty of $10,000. And a maximum annual fine of $250,000;
- As above but uncorrected. $50,000 per violation, rising to $1.5 million depending on the severity.
As you can see, HIPAA compliance fines are rather large! Health care providers over in the United States can take some solace in the fact that the feds can be lenient if they so wish. Still, it hasn’t stopped them issuing several million dollars of fines to non-conformists!
Patient privacy laws in the UK
Here in Britain, patient privacy falls under the Data Protection Act 1998. Most people in the United Kingdom receive their health care from the state – the NHS. The Information Commissioner Office investigates breaches of privacy under the DPA.
NHS trusts in the UK can also get fined if they are found to fall afoul of the law. For example, Brighton and Sussex University Hospitals NHS Trust got fined £325,000 ($511,000). It was found that tens of thousands of patients had their sensitive data leaked into the public domain.
How was this done, you might be asking. It’s quite simple; they sold their old computer hard drives on an online auction site without wiping any data on them first!
Credit / torkildr
How to prevent breaches of patient’s private data
There are plenty of simple steps that health care providers can take to secure patient data. Regardless of which part of the world they are in:
- Physical security. Ensure that security controls are in place to protect data storage locations. Examples include server rooms and those with filing cabinets filled with confidential information;
- Access controls. Only those that “need to know” patient information should get allowed to access it;
- Secure hard drive destruction. When computers become obsolete, the hard drives should get wiped and then physically destroyed in a controlled manner;
- Secure data transmission. Don’t send patient data over unsecure channels like email. Only use secure patient portals.
Health care providers – take note of the above tips!
This article is provided by Brothers Kitchen Blog.
There are no comments on this entry.