A cancer care physicians group was just fined $750,000 for HIPAA violations when an employee’s lap top was stolen. This hefty fine serves as a wake up call to all small to mid size health care providers and their business associates.
Most providers try, at all costs, to avoid a data breach but often they are inevitable in the day and age of technology in which we live. Instead, practices would be wise to: (1) establish a compliance program (2) perform and document risk analysis and (3) implement solid training programs.
Businesses don’t realize the discretion they are affording their employees when they allow them to make the call on whether a document contains Protected Information (PHI) or not. Often times these employees are busy and don’t have the understanding or time to make the right call. One wrong decision is all it takes for a document containing PHI to end up in the dumpster. A split second judgment call made by an employee can result in a HIPAA violation that carries significant fines and a severely damaged reputation.
By Dawn Connelly, Esq.
For more information please contact us at www.shredwithme.com or call 772.283.4152