The healthcare industry is beginning to realize that HIPAA is here to stay and they are probably going to be audited sooner or later. What physicians and all healthcare providers need to understand is that if you don’t protect your patients’ PHI/ePHI the following can happen to your patients as a result of their identity being stolen and used.
NOT Protecting Your Patients’ (PHI/ePHI):
- You can cause them financial difficulties or even financial ruin.
- You can cause them undue stress, even a stroke or heart attack.
- You can cause them to be denied healthcare insurance.
- You can cause them to be denied healthcare services.
- You can cause them to be denied medicines, treatments, and therapies.
- You can cause them to be misidentified during healthcare treatment, causing incorrect operations, procedures, medicines, or even death.
- You can cause the death of your patient.
- You will suffer the consequences listed under “NOT Protecting Your Practice”.
You might think, these can’t happen, but all of them have already happened, with the exception of causing a death, but there have been several close calls with death because of identity theft.
What HIPAA “forces” you to do, is what you should already be doing: operating a safe, secure, efficient, productive, and profitable healthcare provider organization. That’s right, if you were doing what needs to be done to protect your patients’ PHI/ePHI, you would be HIPAA compliant and you would be protecting your practice (business) and yourself.
NOT Protecting Your Practice:
- You will likely be breached and lose access to or have your patient’s ePHI stolen.
- You will receive the maximum fine from the HHS OCR audit, which may close your doors.
- You will likely have a class action lawsuit by your patients against you.
- You will have approximately 40% of your patients abandon you and your services. (People don’t like having their identity stolen.)
- You will have to pay for the remediation of your HIPAA non-compliance issues with government oversight.
- You will have to pay for cyber theft protection insurance for all of your patients.
- You will suffer from negative social media.
- You will suffer major interruption to your cash flow.
And last but not least, you must realize you need to protect yourself. The HIPAA law provides for the prosecution of individuals who neglect to protect their patients’ PHI/ePHI or those individuals who destroy, lose, or steal a patient’s PHI/ePHI. If you don’t want to wear an orange jump suit you might want to consider working on becoming HIPAA compliant.
NOT Protecting yourself:
- You could find yourself sued by patients.
- You could find yourself fined for failure to protect PHI.
- You could find yourself found guilty of breaking the law.
- You could find yourself in federal prison.
Protect your patients, protect your practice, protect yourself.
I would strongly suggest you use a Compliance Management Platform to build the required body of evidence, reduce the work load, increase compliance, simplify electronic reporting and save money while working to become HIPAA compliant. Check out CompassDB™ at http://compassdb.com/.
If you want to know where you stand with your HIPAA compliance take the free HIPAA Quick-Check.