This morning I received my 5th letter in the past 3 years from a retailer notifying me of the possible exposure of my personal information due to a breach in their credit card system! With almost daily breaches of major retailers’ data systems, and identity theft a fixture in the national news, consumers are extremely sensitive to maintaining their privacy, even more so in the clinical setting.
As a healthcare consultant I’ve dealt with two information breaches in the past year alone. One clinic made the simple mistake of mailing the wrong patient statements to the wrong clients, while another’s staff member had their laptop stolen.
HIPAA breaches can occur through simple clerical errors or through circumstances beyond your control. Both show the role of HIPAA compliance and tracking within your organization to help mitigate risk and prepare for any exposure of personal health information (PHI).
Are you ready for when a HIPAA audit suddenly becomes real?
–Lynn Steffes, PT, DPT is President/Coach/Consultant of Steffes & Associates, a healthcare practice consulting service.
HIPAA Compliance: The Risks and Solutions
HIPAA violations present a substantial risk to organizations, both in terms of reputation and finances. As the U.S. Department of Health and Human Services continues to evaluate HIPAA breaches and raise the fines, organizations are taking steps to improve HIPAA compliance and the security of electronic protected health information.
In addition to HIPAA, the OIG, OSHA, CMS, JHCC, and other external bodies have their own sets of regulatory requirements. In highly regulated industries, such as healthcare, the majority of organizations indicated these requirements impacted over 75% of their workforce and, in some cases, their entire organization. [1]
Fines on the Rise
According to the Bureau of Labor Statistics, OSHA levied nearly $200 million in fines in 2013.
HIPAA settlements and audits have also increased from $6.17 million in 2015 to $15 million YTD, with the highest individual settlement topping out at $5.5 million.
See the infographic below for a round-up of HIPAA breaches and settlements in 2009-2016:
Are You Prepared for a Compliance Audit?
In highly regulated industries, regulatory compliance was the most important internal learning program (34%), with products and services in a distant second (25%). [1]
Only 12% of organizations consider themselves very highly prepared for a compliance audit. [1]
The question remains, how do you make sure you are prepared? The risk is too high if you aren’t.
Engaging Compliance Training and Proactive Tracking is the Answer
According to a 2013 study, an average of about 45% of training is delivered as custom eLearning, which is also considered the most effective. [2]
For larger organizations with complex regulations, a certain type of on-demand training has been shown to increase employee engagement with compliance and reduce the overall risk. In particular, this training uses short segments and interactive learning environments to present ambiguous situations that are relevant to the user. [3]
The key to avoiding costly HIPAA exposures is knowledge, self-audits, and training. Be sure that your team is up-to-date and sensitized to the importance of protecting your patients’ private information!
1. Brandon Hall Group. Compliance Training: Critical to the Business. 2014.
2. Wentworth, David. The Strategic Potential of Compliance Training. Brandon Hall Group. March 2013.
3. Houlihan, David. Estimating the Business Impact of Employee Engagement in Compliance and Ethics Training. Blue Hill Consulting. April 2015.