Is there an IT Doctor in the house? That is the question that many healthcare providers large and small may soon be asking themselves. Why? “It’s not for the reasons that you might think,” according to Judith Buckardt, president of Konsultek, an information security firm headquartered in Chicago.
It’s not for the reasons that you might think “Of course Electronic Health Records (EHR) are getting all the attention in the media. And certainly implementing an EHR system will be a major IT undertaking for any healthcare provider. But more importantly, and what is not being talked about, are the major changes to the Health Insurance Portability and Accountability Act (HIPAA) that snuck in as part of the American Recovery and Reinvestment Act of 2009 (ARRA).”
Buckardt continues “Contained within ARRA was a significant increase in the penalties for HIPAA violations and significant changes in the administration of HIPAA.”
Prior to ARRA, HIPAA was administered via a voluntary compliance approach with a maximum penalty of $25,000. This approach has changed under ARRA. The maximum annual civil penalty per violation is now $1.5 million. As of February 17th Health and Human Services has been given the statutory duty to investigate HIPAA violations and State attorneys general can now bring suit against both covered entities and their business associates when a HIPAA violation occurs.
Whether you are implementing an EHR system or not Buckardt’s advice to healthcare providers of all sizes is this; “Make sure your practice undergoes a thorough IT security audit from an independent 3rd party expert, especially if you will be implementing an EHR solution. The stakes are simply too high not to take this precaution.”
Konsultek’s white paper titled Is There an IT Doctor in the House? Dealing With the HIPAA Security Rule and EHR Security Compliance in a Small Healthcare Practice is available to those interested in learning more about HIPAA compliance issues and the security considerations surrounding EHR.
To request your copy of the white paper simply email or call 847.426.9355