The U.S. Federal Department of Health and Human Services’ Office has announced that health care organizations that fail to protect health information privacy could pay up to $1.5 million for each violation. Penalties of this size are severe. The real zinger is that these penalties apply even if you, as the “covered entity,” didn’t know—and would not have known—about the problem. That is, penalties apply even when you have exercised diligence and can demonstrate it. This ruling is part of the enforcement of provisions of the Health Information Technology for Economic and Clinical Health Act. How can you protect your organization? These ten strategies, as provided by DataMotion, Inc., can help:
- Take secure measures to prevent human mistakes.
- Assure that boundaries between systems are secure.
- Assure that internal communications are secure.
- Assure that partner communications are secure.
- Assure that communications with telecommuters are secure.
- Make absolutely sure that communications with customers—or patients—are absolutely secure.
- Assure that when your customers—or patients—communicate with you, everything they do is secure.
- Assure that customer workflow is automated, so there are fewer mistakes.
- Make it easy to transfer files securely.
- Assure that you can demonstrate that your system is compliant and auditable.
For much more detailed information about these 10 strategies, see the Ten Tactics to Avoid Penalties for Health Information Privacy & Security Breaches. Please add your ideas below.