Are your practice’s IT solutions jeopardizing your security? Would you even know if you’re at risk of a HIPAA violation?
When you use an environment fully managed by a HIPAA-compliant service provider, you get peace of mind. Instead of concerning yourself with the technical details of physical, administrative and network security, you are free to focus on providing outstanding patient care.
Consequences of HIPAA Violation Are Not Worth the Risk
The consequences of HIPAA violation can be catastrophic for an organization. Penalties range in severity from a few thousand dollars to prison time, complete with a criminal record. Charges happen more frequently than you might expect. More frequently, in fact, than even two years ago.
- The HITECH Act helps uphold/enforce HIPAA
- A total of $6 million was charged in 2015, involving 6 cases.
- A total of $20 million was charged in 2016, involving 15 cases.
Scan a list of 2016 violations and charges, and the question becomes how to avoid the fate of Feinstein Institute, the University of Massachusetts, and many other organizations.
Feinstein Institute for Medical Research received a $3.9 million penalty for having an unencrypted laptop stolen. The University of Massachusetts was charged $650,000 for having had a malware infection, which led to the unauthorized disclosure of PHI. These types of violations occur frequently. But before you hit the panic button, consider this technological solution.
How to Avoid a HIPAA Violation
In addition to having up-to-date, detailed policies and procedures, which are the foundation of HIPAA compliance, your practice needs measures to ensure there are, at all times, three specific types of security.
Managed services with a HIPAA-compliant service provider will protect your business with:
- Physical security
- Administrative security
- Network security
How The Purple Guys Prevents HIPAA Violation
To get perspective on the need for data security in dental practices, think for a moment of the high-stakes value you place on your family’s security. You install the best security system in your house that you can find: the one that guarantees that if any unwanted visitors enter your property, a piercing alarm is immediately triggered and the police show up.
You want equivalent measures to protect the confidentiality, integrity, and security of the electronic protected health information of all of your patients.
You want to be able to sleep peacefully at night, knowing all of their personal health information is safeguarded behind layers of security. Just as you sleep well knowing your family is protected within the walls of your secure home.
Here are the measures The Purple Guys takes to lock in physical, administrative, and network security, at all times, to help protect you against a HIPAA violation.
Physical Security
Safeguard | Method | Meets HIPAA Requirement or Extra Safety Measure |
Facility access controls | Two-step authentication confirms identity of user to control access to PHI | Yes. Section 164.312 (a)(1) |
Workstation use and security | Two-step authentication confirms identity of user to control access to PHI | Yes. Section 164.312 (a)(1) |
Device and media controls | Two-step authentication confirms identity of user to control access to PHI | Yes. Section 164.312 (a)(1) |
Offsite Backup | Data will be preserved regardless of any catastrophe in the business | Yes. Section 164.308 (a)(5) |
Administrative Security
Safeguard | Function | Meets HIPAA Requirement or Extra Safety Measure |
Third-party audits | Determines whether or not HIPAA compliance is achieved | Extra safety measure. The Audit Controls Standard doesn’t specify how audits are to be done. |
Auditors must be certified | To uphold high standards, we only engage auditors who have gone through The Purple Guys’ rigorous certification process | Extra safety measure |
Stress test process is ongoing | Consistently ensure HIPAA compliance | Yes. Section 164.308 (a)(5) |
Network Security
Safeguard | Function | Meets HIPAA Requirement or Extra Safety Measure |
Encrypted tunnels | Data travels via secure connections between your offices and our facilities | Yes. Section 164.308 (a)(5) |
Continually monitor real-time cyber threats | Protection from outside threats and “user induced” threats | Yes. Section 164.308 (a)(5) |
You are informed of test results | Test results, done outside of regular business hours to avoid loss of production and minimize downtime, confirm for you the efficacy of the security measures we take | Extra safety measure |
Users must have 2-step authentication | Passwords are required for the cloud and then for software to control access to PHI | Yes. Section 164.312 (a)(1) |
Let The Purple Guys Take Care of Your HIPAA-Compliant Fully Managed Environment
The Purple Guys does not take security lightly. We have built expertise in our 20 years of service, and we have the audit results to prove it! We are actively involved with each client’s security needs and work hard to ensure applications and The Complete Cloud™ environment are completely sealed for safety.
The risk of HIPAA violation is real. The best thing you can do for your organization is to understand how a fully managed environment protects you from HIPAA violation. For more information contact The Purple Guys today.