When Was Your Last HIPAA Risk Assessment?
Jun 22, 2023 Germany Caushi Blog | Cyber Security | Data Storage | Security Assessments | Data Protection | Healthcare 1 min read
Cybersecurity is often overlooked, especially among smaller healthcare practices that assume they can fly under the compliance radar. Additionally, some practices lack resources to invest in robust compliance and security solutions, or have a small staff focused on other priorities. However, not being compliant can pose significant risks including data breaches and costly HIPAA non-compliance fines.
The Sourcepass team understands how complicated HIPAA compliance can seem to healthcare practices focused on treating patients. Sourcepass can conduct a HIPAA compliance assessment and create a plan to address any identified non-compliance risks.
You Can’t Afford to Cut Corners on HIPAA Compliance
Non-compliance with HIPAA regulations may lead to significant consequences, both financially and legally. Fines for violations range from $100 to $50,000 per violation, with a maximum penalty of $1.5 million for repeat offenses. Serious violations can even lead to criminal charges, potentially resulting in jail time.
One such violation occurred a few years ago with Premera Blue Cross resulting in a $6,850,000 penalty for a data breach that compromised the protected health information of 10,466,692 individuals. Furthermore, the practice resolved a multi-state action by paying $10 million and successfully settled a class-action lawsuit filed by the breach victims for $74 million.
When Was the Last Time You Checked Your HIPAA Compliance?
To maintain ongoing HIPAA compliance, it is necessary to regularly review and update your policies and procedures in response to regulatory changes and internal developments. While you can undertake this process independently, engaging with an expert third-party can help you focus on healthcare priorities.
The assessment should include:
- Comprehensive evaluation of all risks associated with Protected Health Information (PHI), considering its privacy, availability, and integrity. Thorough documentation of data storage, reception, maintenance, and transmission locations is essential.
- Identification and documentation of potential threats, including their probability of occurrence and potential impact. Utilizing this information, a theoretical risk level can be determined.
- Assessment of your cybersecurity measures to ensure they align with or exceed HIPAA standards.
- Documentation of all assessment information and the formulation of an Action Plan to address any identified noncompliance issues and mitigate risks.
By following these assessment recommendations and engaging in a systematic assessment process, you can proactively manage HIPAA compliance and safeguard sensitive patient data.
HIPAA Risk Assessments with Sourcepass
Sourcepass can help. For more information on how Sourcepass can help with HIPAA compliance, contact Germany Caushi, Cyber Risk Advisor at (877) 678-8080.