Seattle, WA (PRWEB) September 26, 2012
Sixteen years after HIPAA (Health Insurance Portability and Accountability Act) was signed into law, many firms under its jurisdiction are still in danger of heavy financial penalties. In the past six months, the first Business Associate of a medical practice was charged under HIPAA, as was the first small practice. These two actions have sent a signal to the medical industry that its current state of compliance is unacceptable, regardless of size or type of involvement. The online Health IT blog network has largely described these events as important indicators of the future regulatory landscape.
As an actor well attuned to the medical regulatory and technical environment, EMRSoap helps businesses and medical practices understand what risks they face in managing their patients’ information. Because many firms do not understand what their technical and regulatory needs are, EMRSoap is now offering a complimentary Health IT risk discovery session. Clients can expect to receive advisement on the following topics: applicability of regulations, understanding of current business HIPAA compliance, IT risks to their practice, the possibility of receiving Meaningful Use incentives, and other relevant Health IT information.
In May, Accretive Health, a business partner managing revenue cycle operations for two healthcare facilities in Minnesota, was implicated in a breach of patient health information. They settled the suit, Case 0:12-cv-00145-RHK-JJK, in the District Court of Minnesota for $2.5 million. Accretive Health’s non-compliance is not unique. Many partners of medical practices are not aware that they qualify as ‘Business Associates’ under HIPAA regulations, and that they will be subject to financial penalties for not properly protecting patient health information (PHI). However, businesses may need outside help. According to Carlos Leyva, author of the HIPAA Survival Guide, ‘small Business Associates, depending on their staff’s regulatory compliance and technical skill depth, will almost certainly need to hire HIT consultants if they want to comply with the HIPAA Security Rule.’
In April, Phoenix Cardiac Surgery, a 5-physician surgery clinic, was fined $100,000 by the Office of Civil Rights, HIPAA’s regulator, for its non-compliance. Announced through a press release at hhs.gov/news, this was a landmark case, as all previous significant fines were targeted at much larger healthcare organizations. Many expect regulatory action against small practices to increase, as they are some of the least secure actors in the healthcare system. Verizon’s “2011 Data Breach Investigations Report” stated that small physician practices were the most at-risk group within healthcare for a data breach.
Even if a Business Associate or a practice is compliant to the letter, they might still be in financial danger due to a breach. Because HIPAA compliance does not require specific technical standards, some medical practices claim compliance while implementing weak data security. While such a practice would avoid an audit, they would still face large operational and financial problems as they are required to improve their security, alert their patients to the breach, and mitigate any damages caused by the breach. A district Healthcare IT specialist is often required to protect medical practices.
The medical industry is facing increasingly complex technical systems and restrictions. EMRSoap offers advisement that will help businesses and medical practices grow securely despite the challenges they face. EMRSoap relies on its parent company, CyberStreams Inc., to provide quality technical consulting. CyberStreams has been providing reliable technology support to the greater Seattle area since 1997. In addition to being a Microsoft Certified Partner that provides IT consulting services, CyberStreams also offers expert guidance on business phone systems.