The $100,000 fine imposed on a Seattle-based home health agency last month should cause health care providers and related industries charged with protecting private patient information to take note, experts say. The government is cracking down on violations of HIPAA, the patient privacy act.
The U.S. Department of Health and Human Services said it created a “robust” corrective action plan that requires the company to:
- Revise its security policies and procedures
- Train its workforce members
- Conduct regular audits and site visits
- Submit compliance reports to HHS for the next three years
All this happened after HHS received more than 30 complaints against Providence Health & Services for losing unencrypted laptop computers and backup data more than two years ago. AIS Health.com, in a report on patient privacy, wrote that the punitive measures are a signal that the government is taking a tougher stance on HIPAA compliance. Two experts weighed in:
“This is a significant warning sign for covered entities, mainly a heads up that the government is getting more aggressive and [the CAP provides] a checklist of items that companies should be paying particular attention to in their security efforts,” says Kirk Nahra, a partner with Washington, D.C.-based law firm Wiley Rein, LLP.
Adds Chris Apgar, a health care privacy and security consultant, “covered entities need to prepare for the potential that a privacy complaint could lead to financial costs associated with a corrective action plan and the imposition of a ‘fine.’”
One Comment
That should be “privacy breaches.” Breeches are hindquarters. Unless that is what they were showing.