What does the healthcare industry have in common with the financial industry?

Answer: HIPAA policies

The Health Insurance Portability and Accountability Act (HIPAA) enacted in 1996 is no longer affecting just the healthcare industry and its business associates. In fact, many industries have started to adopt policies similar to HIPAA in order to keep consumer information secure.

According to Karen Buesing and Elizabeth Hodge of JD Supra Business Advisor, healthcare providers and business associates that store or process protected health information (PHI) face increased scrutiny and significant fines for data privacy breaches and security lapses. In fact, in the past 12 months, the U.S. Department for Health and Human Services Office for Civil Rights (OCR) has recovered more than $10 million in fines for alleged violations of HIPAA.

The graph below shows the 10 largest health data (HIPAA) breaches prior to July 15, 2014. Not only does it detail the company responsible and the millions of patients’ affected, but also what the company did to commit a HIPAA violation.


10 Largest Health Data (HIPAA) Breaches

A financial company working with RMS recently asked for information about how we handle HIPAA policy violations. RMS has streamlined our HIPAA policy to create an overriding company policy for data breaches for all clients, demonstrating collaboration to align client needs and expectations beyond the healthcare industry.

Prior to this, RMS Healthcare had HIPAA policies in place due to The Health Information Technology for Economic and Clinical Health (HITECH) Act. The HITECH Act requires OCR to apply HIPAA rules and regulations to business associates to ensure patients’ PHI is secure.

Why are non-healthcare related companies adopting HIPAA policies?

Answer: Because consumer data, like healthcare data, is worth a significant amount of money on the black market. Furthermore, fines for not securing private information are high.

In a previous post, we found that Stephen Boyer, Chief Technology Officer of BitSight Technology, said patient’s electronic medical records sell for about $20, while credit card data sells for about $1 per card on the black market. This is a contributing factor to why HIPAA breaches happen so frequently in the healthcare industry and consequences are high.

How can I create policies and procedures to protect clients and customers in order to ensure their security and prevent breaches?

Answer: Please contact Susan Maxsween, Director of Healthcare and Practice Transformation at Research & Marketing Strategies (RMS) at SusanM@rmsresults.com or telephone her at 1-866-567-5422.

RMS Healthcare is a division of Research & Marketing Strategies (RMS) that specializes in HIPAA Compliance Training. For more information about our team and our services visit the RMS Healthcare page here. Please contact Susan Maxsween, Director of Healthcare and Practice Transformation at SusanM@rmsresults.com or telephone her at 1-866-567-5422 for additional information.