HIPAA violations abound. In October, AHMC Healthcare in Alhambra, Calif., reported that health information on 729,000 patients was compromised due to the theft of two laptops.
Last year, an Arizona physician agreed to pay $100,000 to HHS to settle a HIPAA violation case. HHS’s Office for Civil Rights found that Phoenix Cardiac Surgery had few policies and procedures to comply with HIPAA and limited safeguards to protect electronic patient health information.
And last month, two employees from an Arizona medical billing firm were arrested for stealing the credit card information of multiple patients of the Scottsdale Dermatology Clinic.
Healthcare organizations large and small are struggling with the many facets of HIPAA compliance. One Source Document Management says the largest volume of 2012 HIPAA violations occurred as the result of PHI on unsecured laptops. Another major source of breaches is loss of backup discs or portable drives.
The good news is that no matter the size of your organization all of these violations can be avoided by moving patient information (including billing) to a HIPAA secure cloud platform. In cloud based systems, patient data is not stored on laptops or unsecure drives waiting to be stolen. And because each person who accesses systems containing patient information has a unique login and password, monitoring everyone’s behavior is straightforward and efficient.
An estimated 75% of the medical market currently uses in-house server-based software such as Medisoft or Lytec, but according to the AMA, the trend toward cloud based solutions is accelerating.
“People recognize the conveyance of cloud but are actually quite ignorant of some of the more important technological advantages such as increased security” states Viginia Rosen of Vastiel Technologies. “Every Fortune 500 company you can name went to the cloud five to ten years ago”. “The reasons are an important consideration for the Healthcare IT industry”.
The fact is, cloud-based applications are built to help with HIPAA compliance issues. As we discussed in a previous post, there are 49 HIPAA compliance rules that must be met by billing software used by medical practitioners. A typical in-house, server-based program addresses 9 of them; a cloud-based billing application meets 32.
But there is more to it than just software; it’s a requirement to designate a HIPAA officer and HIPAA Security officer, and conduct ongoing assessments. But with breaches occurring so easily in office settings that utilize desktop software programs, and with compliance rules growing stricter, more complex and harder to understand, moving to the cloud is clearly a way for medical billing services and practices that are lagging behind, or that want to ratchet up their compliance efforts, to take big steps forward in a HIPAA secure direction.
Last Updated on