Irrespective of business size, Pay Huge Penalties for HIPAA Non Compliance
Aegify (https://www.aegify.com), Mon, 07 Jan 2013 06:49:50 +0000
https://www.aegify.com/irrespective-of-business-size-pay-huge-penalities-for-hipaa-non-compliance/

Regardless of size, covered entities need to take action and will be held accountable for safeguarding their patients’ health information. This is a fact that the non-profit Hospice of North Idaho learnt the hard way. In the first case of its kind, a federal investigation of a health information breach that affected fewer than 500 individuals has resulted in a penalty for HIPAA violations.

The breach at the Hospice of North Idaho was listed on Dec. 31 as a new example on the enforcement activities and results section of the HHS website. The $50,000 settlement in the case involved the theft of an unencrypted laptop computer from the non-profit Hospice. The laptop, which was assigned to a Hospice nurse and was part of an inventory of laptops used by nurses, was stolen from the employee’s car in June 2010. The stolen laptop contained protected health information of 441 individuals. That included patient names, addresses, dates of birth, Social Security numbers, diagnoses, medications, lab results and other treatment information.

This case reiterates the reality that a HIPAA violation can cost you significantly more than a mere legal penalty. You can end up paying substantial remediation costs and administrative fines regardless of the number of individuals affected. The OCR investigation concluded that the Hospice had not conducted a risk analysis to safeguard electronic protected health information. The HIPAA Security Rule requires policies and procedures to address mobile device security. If any employee fails to comply with the security and privacy policies and procedures, the healthcare organization must promptly investigate the matter and notify HHS within 30 days, offering a description of actions taken to mitigate harm.

Industry experts are of the opinion that this incident yet again reinforces the need for organizations to improve their HIPAA compliance efforts. While it is evident that OCR is ramping up HIPAA enforcement, healthcare entities also need to understand that preventing a breach would most certainly cost significantly less than paying a penalty, taking corrective action after the breach has occurred, paying a settlement and losing the reputation of the organization.

There is a need to be fully compliant with HIPAA rules at any given point in time. Investing in a solution like SecureGRC can help take care of all the security requirements with its built-in HIPAA compliance framework, which helps organizations combat any security challenge.
