Managing Patient Data (PHI) Sprawl
In 1996, the Health Insurance Portability and Accountability Act (HIPAA) established standards for electronic data interchange that health-care providers and related organizations are required to use for electronic transactions. The HIPAA Privacy regulations require health-care organizations and their business associates (those operating under a business associate agreement, or BAA), including cloud providers such as AWS and Azure, to create and follow procedures that ensure the confidentiality and security of protected health information (PHI). The law further mandates that PHI be protected while it is transferred, received, handled, or shared. The legislation applies to all forms of PHI, including paper, oral, and electronic records. HIPAA applies to any organization that holds PHI on any citizen of the USA.
Over the past decade, mobility and IoT devices used in healthcare have increased the depth of data and insights available to improve the quality of care, patient outcomes, and patient experience. With the positives that come from more patient information and easier access to it, however, healthcare providers must also manage and govern the complexity and sprawl of that data and, most importantly, protect it.
Healthcare organizations have the unenviable task of balancing the protection of massive amounts of personal and medical data with the requirement for quick access and easy movement by the care providers, insurers, and partners.
The Fines Costing Healthcare Organizations Found Out of Compliance in OCR Audits
The federal fines for HIPAA noncompliance are based on the level of perceived negligence found in an organization at the time of the HIPAA violation. These fines and consequences can range from $100 to $50,000 per violation or patient record, with a maximum penalty of $1.5 million per year for each violation.