For years, HIPAA has been known as a “paper tiger” because it looked fierce on paper but in reality, it delivered the impact of paper cut.
Unfortunately, those days are done. And 2016 marks a new era in HIPAA hassles and chiropractic compliance concerns (see my previous article for details on why).
While most chiropractors would be happy to ignore HIPAA and anything compliance related, here are seven real life examples (that easily could happen in a chiropractic office) of why it may be too costly to do so:
- The Software Slip
How many times have you ignored those annoying software updates? If you are like most folks, pushing the techie equivalent of the software snooze button comes easy. But think twice next time. Your outdated software makes you extremely vulnerable to data breaches and Big HIPAA wants you to get that lesson loud and clear. In fact, a $150,000 HIPAA Fine was doled out as the direct result of failing to identify and address basic risks, such as not regularly updating their IT resources with available patches and running outdated, unsupported software. Ouch.
- The Risk Analysis That Wasn’t
In another techie nightmare, a $50,000 HIPAA Fine was firmly planted upon a covered entity who had not conducted a risk analysis and they did not have policies or procedures to address mobile device security despite the fact that they used mobile devices in their practice. And you guessed it. The laptop got stolen. Data breached. And HIPAA moved in to assess the damage. The cost of a basic risk analysis? Free. The fine for not having one in place? Yes, you read that correctly…$50,000! (See below for how to get a FREE Chiropractic Compliance Risk Analysis for your practice!)
- The iPad iGoofed (Again)
Another covered entity received a $1,975,220 Fine because they had previously recognized that a lack of encryption on its laptops, desktop computers, medical equipment, tablets and other devices containing electronic protected health information (ePHI) was a critical risk. However, event though steps were taken to begin to correct this risk and encrypt data through their devices, the efforts were incomplete and inconsistent over time. I’m sure this healthcare entity had a million other things to do. Now they have all that and nearly two million in fines to pay as well.
- Chiropractic Compliance Concerns a la Carte
Sometimes, HIPAA compliance can bleed you to death slowly as well. Instead of one big fine and one big disaster, consider that according to a report by the Ponemon Research Institute, the average data breach in 2015 cost $398 per record. Affordable? On the surface maybe…as long as you only have a few patients. Considering that a data breach typically affects your entire data set and the average chiropractor may easily have thousands of patient records, a la carte approach at $398 per record no longer sounds like a bargain.
- When You Liability Policy Leaves You High and Dry
Some savvy insurers are beginning to see the dollars in offering liability insurance which may cover items such as data breaches or other HIPAA threats. But before you write that check, consider the case of the U.S. District Court in Los Angeles Casualty Co. v. Cottage Health System. According to this lawsuit, the healthcare entity filed a claim to their liability carrier after a HIPAA violation. They thought the liability insurance would cover them in case of such errors. Unfortunately, the claims was denied by the liability insurer because the healthcare office failed to follow “minimum required practices.” In other words, the liability insurance coverage you have in case things go wrong because you failed to have things in proper order may not even come to your defense…because you failed to have things in proper order!
- How to Lose Half (Or More) Of Your Practice Over Compliance
Think compliance is a non-issue because your patients are loving and loyal? Think again. A recent survey by Austin, TX based Software advice firm indicated that 54% of your patients are very likely to leave you and change providers following a data breach.
- Gambling with Gossip
Most chiropractors would hope that their employees are aware enough of patient privacy matters to not share personal health information outside the office. But the fact is loose lips can sink ships. Walgreens received a $1.4 million dollar fine when one of its pharmacists shared confidential medical information about a customer who had once dated her husband. Part of the reason for the large fine was not only due to the leak of patient health information, but because of Walgreen’s failure to have proper procedures in place for training employees on private health information security.
THE BOTTOM LINE
What about you? Is your office an impenetrable fortress with respect to compliance or a cause for concern?
One simple way to find out is to take our quick FREE Chiropractic COMPLIANCE RISK ASSESSMENT which includes a scoring analysis of your risk level (high, medium, low) and suggestions for improvement.\
And certainly that’s not all you need to do to be compliant. But considering the above mentioned $50,000 fine for failure to assess risk, it’s a great and inexpensive way to start!
Don’t delay, take strides towards compliance today.