
HIPAA - Protecting PHI


Imagine this: you’ve got $100,000 lying around, just waiting to be spent on something unexpected. Sounds like a dream, right? Well, for a healthcare provider in New Jersey, that dream turned into a nightmare, and not the April 1st kind you laugh off by noon. They were handed a hefty fine because they dragged their feet in giving patients access to their own medical records. No joke; this actually happened.

New Jersey Nursing Facility fined $100k

Here’s a little insider info for you, from someone who has been navigating the HIPAA compliance waters for quite a while now. Not all healthcare providers are created equal when it comes to handling patient information. Some know they’re not fully compliant with the rules; others are blissfully unaware of their compliance gaps. But let me tell you, after conducting countless risk analyses, I have yet to see one that doesn’t shine a spotlight on some kind of issue. Thankfully, the ones knowingly playing fast and loose with the rules are few and far between. This post is for the majority who care but might not be fully in the know.

HIPAA is the big, important law that keeps patient data safe yet accessible when it’s really needed, whether during a medical emergency or routine care. It’s all about striking the right balance between keeping this information private, secure, and available. Privacy keeps the peepers out, security locks the data down against threats, but availability? That’s the unsung hero. It means having the information ready when and where it’s needed, because what good is data if you can’t use it to make informed decisions about care? The Security Rule says this in so many words: covered entities must ensure the confidentiality, integrity, and availability of all electronic PHI they create, receive, maintain, or transmit (45 CFR §164.306(a)(1)).

Now, onto the story of Howard Beach Podiatry. They found out the hard way about the importance of having an ace up their sleeve, or more accurately, offsite. Before they teamed up with us, they hadn’t thought about what would happen if their onsite backups took a swim, which they literally did when Hurricane Sandy hit, THREE months after they hired us and just weeks after we implemented an offsite backup solution. Because those encrypted offsite backups were already in place, we had them back on their feet within hours of the disaster. With their office still under five feet of water and their servers, desktops and local backups destroyed, Dr. Love was accessing her EHR from a laptop at home and rescheduling her patients without a byte of PHI lost. It’s a stark reminder that availability of patient information isn’t just a nice-to-have; it’s a must.

But here’s the kicker: when we do our deep dives into new clients’ systems, we often find that while they have solid backup strategies, pieces of the puzzle are missing. It’s not just about backing up the data you think is important; it’s about ensuring everything, including that often-forgotten X-ray and imaging data, is accounted for, copied offsite, encrypted, and recent enough to actually recover from. You’re not just a guardian of data; you’re holding onto pieces of people’s lives.
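As an added illustration (this is not code from the original post, nor Black Bear MSSP’s tooling), here is a small backup-coverage check in the spirit of that deep dive. It takes an inventory of where PHI lives, each store’s acceptable data-loss window (RPO), and the backup jobs that exist, then reports every store that is not in any job at all, has no offsite copy, has an offsite copy that isn’t encrypted, or whose last good backup is older than its RPO. The store names, paths, job names and timestamps are constructed sample data; in practice the inventory would come from your risk-analysis asset list and the jobs from your backup product’s configuration.

```python
"""Backup coverage check for PHI stores.

Added example, not the post's own code. All names, paths and timestamps
below are constructed sample data chosen to show the kinds of gaps a
risk analysis tends to surface (an imaging share nobody backs up, a
local-only job that has quietly fallen behind its RPO).
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from pathlib import PurePosixPath


@dataclass(frozen=True)
class PhiStore:
    name: str          # what the data is (EHR database, imaging share, ...)
    path: str          # where it lives on disk or a share
    rpo_hours: int     # acceptable data-loss window, in hours


@dataclass(frozen=True)
class BackupJob:
    name: str
    sources: tuple[str, ...]   # paths (or parent directories) the job captures
    offsite: bool              # a copy leaves the building
    encrypted: bool            # the offsite copy is encrypted at rest
    last_success: datetime     # when the job last completed successfully


# Constructed sample inventory (hypothetical paths).
STORES = [
    PhiStore("EHR database", "/srv/ehr/db", rpo_hours=24),
    PhiStore("Scanned charts", "/srv/ehr/documents", rpo_hours=24),
    PhiStore("Digital X-ray / imaging", "/srv/imaging/pacs", rpo_hours=24),
    PhiStore("Billing exports", "/srv/billing", rpo_hours=72),
]

# Fixed "now" so the example is reproducible.
NOW = datetime(2024, 3, 1, 9, 0, tzinfo=timezone.utc)

# Constructed sample job definitions. Note that nothing covers /srv/imaging.
JOBS = [
    BackupJob("nightly-ehr", ("/srv/ehr",), offsite=True, encrypted=True,
              last_success=NOW - timedelta(hours=10)),
    BackupJob("weekly-billing", ("/srv/billing",), offsite=False, encrypted=False,
              last_success=NOW - timedelta(days=9)),
]


def _covers(source: str, path: str) -> bool:
    """True if `source` is `path` itself or one of its parent directories."""
    src, p = PurePosixPath(source), PurePosixPath(path)
    return src == p or src in p.parents


def find_gaps(stores, jobs, now=NOW):
    """Return {store name: [finding, ...]} for every store with a problem.

    Stores with no findings are omitted, so an empty dict means every
    PHI store has a current, encrypted, offsite backup.
    """
    gaps = {}
    for store in stores:
        covering = [j for j in jobs
                    if any(_covers(s, store.path) for s in j.sources)]
        findings = []
        if not covering:
            findings.append("not in any backup job")
        else:
            offsite = [j for j in covering if j.offsite]
            if not offsite:
                findings.append("no offsite copy")
            elif not any(j.encrypted for j in offsite):
                findings.append("offsite copy not encrypted")
            age = now - max(j.last_success for j in covering)
            if age > timedelta(hours=store.rpo_hours):
                findings.append(
                    f"last good backup {age.days}d {age.seconds // 3600}h ago, "
                    f"RPO {store.rpo_hours}h")
        if findings:
            gaps[store.name] = findings
    return gaps


if __name__ == "__main__":
    for name, findings in find_gaps(STORES, JOBS).items():
        print(f"{name}:")
        for finding in findings:
            print(f"  - {finding}")
```

Run against the sample data, the two EHR stores come back clean (the nightly job covers the whole `/srv/ehr` tree), the imaging share is flagged as not backed up at all, and the billing export is flagged twice: local-only, and nine days stale against a 72-hour RPO. The prefix matching in `_covers` is deliberate: a job that backs up a parent directory does cover the stores beneath it, but a similarly named sibling path does not.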

And that brings me to the heart of the matter: regular risk assessments aren’t just a good practice; the HIPAA Security Rule requires an accurate and thorough risk analysis. They help you catch what you miss in the day-to-day, ensuring that every piece of patient information, every record and every image, is accounted for and protected.

So, for those of you in the healthcare sector, remember: HIPAA compliance isn’t a one-time event; it’s a continuous process. And HIPAA rests on three pillars of equal importance. We all think of privacy and security when we think of HIPAA, but don’t forget availability. If you’re ever in doubt or want to be sure you’re covering all your bases, my door is always open. At Black Bear MSSP, we’re not just about tech solutions; we partner with you to keep patient trust intact and data secure. After all, in healthcare it’s not just about avoiding fines; it’s about doing right by the people you serve.