Dramatic Rise in HIPAA Compliance Issues in 2011

A recent HIPAA compliance survey conducted by the Ponemon Institute paints a worrying picture about the state of healthcare compliance. Data breaches have risen sharply over the past 12 months and data security issues continue to plague healthcare organizations, with the problem appearing to be getting worse rather than better.

The survey showed that data breaches increased by 32% over the course of the past 12 months, while 92% of the healthcare organizations surveyed reported having been affected by at least one security breach over the previous two years. Many of these breaches involve just a handful of records, but some have caused major exposures of Protected Health Information and have affected millions of Americans.

The Department of Health and Human Services is now cracking down on non-compliance issues and is already planning a new series of audits to ensure healthcare providers, health plans and other covered entities are following HIPAA regulations. The Joint Commission on Accreditation of Healthcare Organizations has stepped in and is helping to tackle a major area of HIPAA non-compliance – text messaging by physicians – and has issued a ban on the use of SMS for security reasons.

Data security has been brought to the attention of federal agencies as well as the general public following a run of major data breaches affecting the healthcare industry, and these breaches have been heavily reported in the media. As a result, HIPAA-covered organizations are now being subjected to increasing scrutiny and HIPAA is being more rigorously policed by federal agencies.

Healthcare organizations failing to adhere to data privacy and security regulations face stiff financial penalties from the Office for Civil Rights (OCR), fines from state Attorneys General and the threat of class action lawsuits from the victims of data breaches. Now, in addition to civil penalties, criminal charges may be filed for HIPAA violations.

Data suggests that breaches are costing the healthcare industry dearly, with an average expenditure of $2.2 million per data breach, not to mention the damage that is caused to an organization’s reputation.

The increase in electronic communications is an area of particular concern in healthcare. Largely outdated communication systems such as faxes and pagers are being replaced with mobile phones, email and text messages, yet these methods of communication lack the security controls needed for them to be safely adopted.

Over the coming year, policies need to be updated and new security measures implemented to allow healthcare professionals to take advantage of new technology while ensuring that patient health information is properly protected.

Healthcare institutions must take greater care to ensure that the appropriate physical, administrative and technical safeguards are employed to protect patient data. Staff must be trained on the HIPAA data security rules, IT systems should be upgraded to prevent unauthorized data access, and security risks must be managed more effectively to ensure patient data is kept secure.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.