Under the HITECH Act, passed in 2009, the secretary is required to post all breaches affecting 500 or more patients to the internet. This applies to all medical providers and Business Associates. This web site is commonly referred to as the HIPAA Wall of Shame. You can find it at https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
The saying “all publicity is good publicity” does not apply here. While your office is looking to attract and retain patients, patients are using the internet to decide where they want to get treatment. You do not want potential patients to search the name of your practice and find your office listed on the Wall of Shame. Any breaches reported in the last 24 months will remain on the Wall of Shame while they are under investigation. After 2 years, the report isn’t removed; it is moved to the archives and remains public information. Keep the search engine optimization and marketing opportunities in your favor by taking appropriate steps to mitigate the risk of a HIPAA breach.
If you take a look at the Wall of Shame, you will notice that it includes small practices, hospitals, hospice care, business associates, specialty providers (including podiatrists) and more. No one is exempt from the Wall of Shame.
Take a look at how many breaches occur with Business Associates. This is a warning to your office. Even if you are doing everything perfectly, your Business Associate may still experience a breach. The patient information that you share with your Business Associate is still your responsibility. Take heed and ensure that you have a valid Business Associate Agreement with all of your Business Associates.
Breaches can occur due to hacking, physical theft, or loss of devices. It is important to realize that despite your best efforts, you can still experience a breach if someone in your organization or at your Business Associate's office makes a mistake. This is why it is essential to have an up-to-date risk analysis. While it doesn’t remove the chance of a breach, it provides tools to mitigate the probability and gives your office the opportunity to avoid fines if the breach is remediated within 30 days. But again, you must have an up-to-date risk analysis.
If you need help or want more information about risk analysis and mitigating the risk of a HIPAA breach, reach out to TLD Systems at info@tldsystems.com or schedule a Free 30-Minute Risk Analysis to get you started.