Risk of owning a car
If you take a step back and think about the risks of owning a car, I think you would be shocked. Cars carry risks that could significantly impact you and your family. Some of the risks include:
- The risk of being hurt or killed in a car accident
- The risk of hurting someone else in a car accident
- The financial risk of being hurt and the associated medical costs
- The financial risk of hurting someone else and being sued
- The financial risk of someone stealing your car
- The financial risk of repairs to your car
Owning a car may be one of the riskiest investments a person makes. Yet we get in our cars every day and drive to work or bring our children to baseball practice. In fact, most of us don’t even think about the associated risks. Why is that? One reason we don’t worry about the risk that automobiles present is that we have taken steps to minimize it. Some of those steps include:
- We buy cars with advanced safety features to protect us in the event of an accident
- We have medical insurance to offset expenses in case we are hurt in an accident
- We have car insurance to cover expenses of accidents or if our cars are stolen
- We obey traffic regulations that are in place to make driving cars safer
So as you can see, we have put in place safeguards to protect us from the risks that our automobiles present.
Risk of maintaining patient information
Like cars, electronic protected health information (ePHI or patient information) presents us with significant associated risks. Some of the risks include:
- The financial risk of regulatory fines for non-compliance with HIPAA regulations
- The financial risk of security data breaches that disclose ePHI
- The risk of negative publicity or reputation damage in the event of a data breach. Negative publicity carries the associated financial risk of patients leaving, or not choosing, a medical practice
Have you thought about what the impact would be if any of these events were to happen?
- What if you receive a $200,000 HIPAA fine for non-compliance?
- What if you had $300,000 of breach-related expenses due to a security breach? Expenses include IT forensics, legal expenses, patient notification expenses, etc.
- What if you received a HIPAA fine and your search results in Google displayed stories on your HIPAA violation? Would this have an impact on existing or new patients?
Patient information safeguards
As you can see, maintaining ePHI has associated risks that could significantly impact your organization. Like owning a car, it is critical that you put in place safeguards to minimize the associated risks. Some of the safeguards include:
- Performing a HIPAA Risk Assessment to understand what security safeguards need to be implemented to protect ePHI
- Training employees on how to protect ePHI
- Implementing encryption on laptops and smartphones to minimize the risk if these devices are lost or stolen
- Purchasing HIPAA / cyber insurance to offset the expenses of regulatory fines or breach-related expenses
Maintaining ePHI is risky, but like owning an automobile, it is possible to implement safeguards that offset the associated risk. Not understanding the risks, or not putting the appropriate safeguards in place, could significantly impact or cripple an organization.
- Would you purchase a car without purchasing insurance?
- Would you drive a car without using seat belts or put your children in a car without seat belts?
- Would you drive through red lights or disobey traffic regulations?
Most likely the answer to the above questions is NO! Take a step back and seriously look at the risk of having ePHI. Make sure you take steps to protect your organization against the associated risks of having electronic patient information.
Don’t drive without seat belts!
Organizations need to perform a Risk Assessment to determine the likelihood of risks and what additional security measures should be put in place to protect patient information.
Understand the HIPAA Risk Assessment process