In the United States, healthcare organizations are required to abide by the Health Insurance Portability and Accountability Act (HIPAA) of 1996. This act provides guidelines pertaining to the handling of patient information across a number of platforms. When healthcare organizations are looking for cloud solutions to manage their data, ensuring that it is HIPAA compliant is a necessity.
The Office for Civil Rights in the United States periodically conducts HIPAA compliance audits on healthcare organizations. Most recently, a second round of audits has commenced, and 167 organizations have been notified that they will be investigated. Whether done through ignorance or negligence, HIPAA violations often come with large fines that can range from hundreds of thousands of dollars, to millions, depending on the severity.
In a story written by Kristen Lee, titled Q&A: The main reason healthcare organizations violate HIPAA, an interview is conducted with Michael Archuleta, director of IT and HIPAA security officer at Mt. San Rafael Hospital in Trinidad, Colorado. Archuleta states that, "the most common reason that healthcare organizations violate HIPAA during audits is because most healthcare organizations assume HIPAA compliance to be a one-time project, rather than an around the clock, everyday practice." Therefore, simply having HIPAA compliant software is not enough. The management and use of this software to its full potential, day after day, is the key to remaining compliant and achieving a successful audit.
There are also other ways in which healthcare organizations can protect their data and remain HIPAA compliant. Archuleta recommends encrypting important data and the use of secure texting, which both act as extra layers of security.
Archuleta predicts that HIPAA violations will continue to rise due to inadvertent behavior by healthcare organizations. Though, with extra attention to detail, in the form of new secure steps, organizations can avoid the possibility of large fines, while protecting sensitive data.
For more information, you can read how Giva implements HIPAA compliance for its cloud-based software applications.