HIPAA Breaches – Does size matter?

By | June 24, 2015

HIPAA, like relationships, is confusing at best. Many have wondered, “How can I possibly understand all the fine nuances of HIPAA compliance?” Saying the law is as clear as mud would be a gross understatement. If you haven’t already spent time trying to understand HIPAA and its role in your practice, it may be time to consider its impact.

A HIPAA breach can mean anything from mailing breach notification letters to affected patients and offering free credit monitoring, up to fines of thousands of dollars. Whatever the formal ramifications of a breach, the real issue is the patient’s rights and YOUR reputation.

HIPAA represents one thing and one thing only to clients and patients: CONFIDENTIALITY. It implies that their information is safe, and that the safety of that information is taken seriously. This is a major implication, because it rests on public trust. If (and when) that trust is broken, it can have an incredibly damaging effect on your practice. In a time when “Googling” a company name turns up everything ever written about it, avoiding a negative public perception is more imperative than ever.

If you run a practice (Covered Entity) or a company (Business Associate) bound by HIPAA, ideally you would have a group of attorneys whose job is to read and interpret HIPAA on your behalf. Most employees simply accept the company’s policies and follow them. When a breach occurs, the company is held responsible, and employees enjoy a certain amount of protection (although Human Resources may see that differently depending on the type and impact of the breach). A HIPAA breach represents lost trust and will have long-term effects on everything from patient relations to business investments. Letters of explanation and an offer of credit monitoring may do little to repair the damage.
If you own a small private practice, any breach of confidentiality could have such a rippling effect that you are forced to close your practice because the public no longer trusts you. Can you afford a HIPAA breach of any size? The truth is, you can’t. Size does NOT matter. If you are not compliant, the fines may not be covered by your liability insurance, and you may owe far more than you ever banked on. A loss of public trust will lead to a drop-off in new and returning patients. As we all know, building a practice is not easy and is often costly. Do you want to risk it all because you did not do your due diligence in preventing breaches?

No matter how big or small the breach, the repercussions of a HIPAA violation cannot be predicted from its size, so precautions are absolutely necessary. How do you take precautions? The first step is to familiarize yourself with the main points of the regulation: what are you responsible for, and to whom? If the regulation is still unclear, consider taking a certification course on HIPAA and how it applies to a practice or business like your own. Some liability insurance companies offer consultation services, either as a benefit of the policy or for a fee. However complex the law, as a Covered Entity or Business Associate, denying knowledge or understanding of it is not a valid excuse.

Size does NOT matter in HIPAA violations. The regulation is complex and can be difficult to understand, but as a holder of the public’s trust, you will be held responsible for any breach of protected health information (PHI). As in relationships, saying “I didn’t know” will leave you sleeping on the couch.