Contact us today!

Telesys Voice and Data Blog

Telesys Voice and Data has been serving the Dallas/Fort Worth area since 1994, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Medical IT: How Is HITECH Doing?

Medical IT: How Is HITECH Doing?

Compliance laws regarding the storage and dispersion of healthcare records were implemented with the intended purpose of urging healthcare providers to better take care of their patients’ personal information, but how effective are they? Unfortunately, there are many providers that have failed to meet the standards for the HIPAA and HITECH compliance laws, and it has brought a hefty price tag along with it.


In 2016, the Office for Civil Rights (OCR) and the Department of Health investigated several data breaches that led to a considerable sum being claimed in response to violations of these compliance laws. In what totaled to 12 settlements following the investigations of data breaches caused by failure to comply with these laws, as well as one monetary civil penalty, these claims amounted to approximately $25,505,300 in fines.

Compare this to the more recent data. In 2017, there were only nine HIPAA settlements that produced a total of $19,393,000, as well as a single monetary civil penalty paid, a considerably smaller sum than the previous year. Clearly something is working here, but what is it? Perhaps it’s the fear that being negligent with important data could mean a large sum raining down on the heads of those who fail to adhere to these laws.

What’s even more interesting are the types of violations that led to these penalties. While the majority of these involve a failure to protect protected health information, or PHI, and its digital counterpart electronic protected health information (ePHI), there are a couple of outliers that are interesting to look at. Here are some of them:

  • Insufficient ePHI access control
  • Impermissible disclosure of ePHI
  • Careless handling of PHI
  • Multiple HIPAA violations
  • Delayed breach notifications
  • Lack of security management process
  • Lack of a business associate agreement

The majority of the issues revolving around HIPAA and HITECH compliance come from an inability to secure mobile devices, failure to implement proper security processes, and delaying breach notifications for far too long.

As for HITECH specifically, a recent lawsuit was filed in federal court against 60 hospitals over alleged failure to adhere to the HITECH Act. Specifically, these hospitals failed to adequately provide records and documentation for 50% of their patients within three business days of the request. This is one of the specific requirements for securing funding through the HITECH Act, so you can understand that this was quite a big red flag for government.

Consequently, these 60 hospitals from the state of Indiana now face charges totaling over $1 billion for failure to provide records as required, despite receiving the incentive payments totaling around $324 million. Additionally, these hospitals face claims that they violated the Anti-Kickback Statute and the False Claims Act for claiming that they were HITECH-compliant, when in reality they failed to meet the requirements of the regulation.

Not all practices fail to adhere to HIPAA and HITECH, though. Is your practice one of them? Answer with confidence today by reaching out to Telesys Voice and Data at (800) 588-4430.

Get Rid of Those Filing Cabinets with Document Man...
Hackers Prey on Social Media Users
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Thursday, 21 November 2024

Captcha Image

Mobile? Grab this Article!

QR-Code

Blog Archive

2014
January
February
March
April
May
June
July
September
October
November