HUB TechMinutes


Are Healthcare Providers Meeting HITECH Standards?


Compliance can be difficult for some businesses. They might know that it’s a necessity--and may even know what they have to do--but they just have trouble implementing practices that are designed to guarantee they meet their regulatory responsibilities. PIPEDA/HIPAA and HITECH compliance laws in particular are difficult to navigate, and the results of failing to adhere to them can be dire.

Just a few years ago, in 2016, the US Office for Civil Rights (OCR) and the US Department of Health investigated data breaches, and the investigation identified several violations of these laws. It resulted in a total of 12 settlements, as well as one civil penalty, amounting to approximately $25,505,300 in fines.

The numbers in 2017 are slightly more optimistic. This past year, there were only nine HIPAA settlements and a single civil monetary penalty paid, totaling $19,393,000 in fines. While it’s clear that something is working, it’s not clear what exactly is or isn’t, but we know one thing for sure: businesses don’t want to pay money for failing to adhere to compliance laws, yet that doesn’t mean everyone meets their requirements.

The types of violations that led to these penalties aren’t particularly varied. Most of them stemmed from a failure to protect electronic protected health information, or ePHI, but a couple have different causes. Here are a few other reasons:

  • Insufficient ePHI access control
  • Impermissible disclosure of ePHI
  • Careless handling of ePHI
  • Multiple PIPEDA/HIPAA violations
  • Delayed breach notifications
  • Lack of security management process
  • Lack of a business associate agreement

Another notable trend is the failure of organizations to secure their mobile devices in a way that complies with PIPEDA/HIPAA and HITECH. Failure to implement proper security processes and delayed notification of breaches are also at the heart of these fines.

Recently, a well-publicized lawsuit was filed in US federal court against 60 Indian hospitals over a failure to adhere to the HITECH Act. These hospitals had allegedly failed to provide records and documentation for as many as 50% of their patients within three business days of the request. As one of the requirements of receiving funding from the HITECH Act, this is a big issue for hospitals.

As a result of these failures, these hospitals face charges of well over $1 billion for failing to provide healthcare documents when asked to produce them. They obtained $324 million through the HITECH Act, but failed to adhere to its requirements. Additionally, the hospitals violated the Anti-Kickback Statute and the False Claims Act by falsely claiming that they met the requirements of the HITECH legislation.

While it’s true that not all businesses need to consider healthcare compliance, it’s more likely than not that your organization works with some sort of sensitive information that is subject to compliance laws. To find out now if your organization is in trouble with compliance laws, reach out to us at 204-772-8822.

Monday, January 21, 2019
