Regulatory compliance regarding patient health information has reached the point where doctors are now taking down the murals of baby photos that have adorned hospital walls for decades. A picture has been officially painted, or in this case removed, of the severity of data breaches and the importance of securing medical information.
Health professionals are becoming increasingly wary of running afoul of the rules enforced under the Health Insurance Portability and Accountability Act. Some doctors no longer want to have a "baby board" hanging in the office, for the fear that someone may photograph the pictures and furthermore identify the people in the pictures, according to The New York Times.
It's not so much about having the pictures, which under HIPAA are considered to be in violation; for some hospitals it's more about someone being able to identify the people in them, thus releasing names and perhaps more information. This example shows that with HIPAA tightening its rules, health care professionals must be more careful than ever before.
An injection of fear
Lawmakers have altered HIPAA in many ways over the years, and in its most recent version there are hard consequences for those in violation. The penalty varies by the degree of diligence or negligence applied to individual situations, according to the American Medical Association.
In the best-case scenario, a person did not know that they were violating HIPAA, but they can still be fined $100 per violation, according to the source. In some instances, a heap of medical records has been compromised unintentionally on one occasion, which could rack up a tab upward of hundreds and thousands of dollars for an accident.
The worst-case scenario would be that a violation occurred due to willful neglect and was not corrected. The minimum penalty for this situation starts at $50,000 per violation. Imprisonment could also accompany the fines, depending upon the severity.
Those liable under HIPAA could include health care providers transmitting electronic forms, and employees may be held directly criminally liable in accordance with "corporate criminal liability." Others not directly linked can be charged with conspiracy. A heavy increase in security breaches has taken place since around the same time that EHRs began to surface in the health care industry, back in 2009.
The health care sector experienced the most data breaches in 2014, according to a report by the Identity Theft Resource Center. Over 44 percent of breaches occurred in this vertical compared with others. The business industry had the second-highest number of incidents but still experienced 10 percent fewer breaches than health care. The lowest industry, comparatively speaking, was banking/financial, which accounted for 4 percent of the overall reports.
Although many institutions are substituting EHRs for paper record-keeping entirely, others are slowly implementing them to meet a specific goal while also maintaining traditional methods, an arrangement known as hybrid health records. Other than staying under the radar and out of the courts, medical officials could be lured to use paper documents because they come with peace of mind.
Doctors can lock up a piece of paper that contains delicate patient data and store it in a place that can't be accessed at any given time by hundreds of thousands of cyber thieves. Although security issues may seem bleak in a time when doctors are taking down pictures of newborn babies, health care providers can still rely on printed documents of health records to provide a sense of relief and stability.