An IT friend recently told us about a doctor who had his computer stolen from his office. The doctor, the victim of a robbery, ended up having to pay a $50,000 fine for his stolen computer. Ouch! First your computer gets stolen and then YOU get fined? What's up with that? HIPAA, that's what. The HIPAA penalties for breaches are costly, painful, and…mostly avoidable.
HIPAA penalties for breaches apply whenever a device storing patients' personal health or other protected information is lost or stolen and that device is not encrypted. IT professionals can install encryption software that releases health care professionals from these hefty fines in the event of loss or theft. Think about all the medical professionals who are at risk of fines:
- doctors
- dentists
- chiropractors
- podiatrists
- psychiatrists
- counselors
- optometrists
- physical therapists
However, according to Marion K. Jenkins, PhD, FHIMSS, writing for physicianspractice.com, the biggest threat to medical practices comes from portable data-containing devices, like:
- laptops
- tablets
- smart phones
- USB drives
- CDs/DVDs
In fact, lost or stolen laptops that are not encrypted seem to top the list of HIPAA penalties for breaches. Jenkins's recommendation is to never, ever let employees put patient information on any portable device. To help avoid HIPAA penalties for breaches, medical professionals would be wise to consult an IT professional and make sure all of their electronic data-containing devices are encrypted.
But what happens when laptops, computers, cell phones, tablets and the like are taken out of service? Isn't there the same risk of liability and HIPAA penalties for breaches? Absolutely! Most of the time, the encryption software, which is licensed and paid for per installation, is removed from the old equipment and installed on the new devices. This leaves the old devices, along with any patient information still stored on them, unprotected. And contrary to popular belief, it is not enough to reformat the hard drive, or even take a hammer to it.
The best thing you can do to avoid HIPAA penalties for breaches on your old, unused data-containing devices is to have a compliance plan in place and partner with a data destruction specialist, like Data Nukes. We can help shift the liability from your medical practice to us. The cost of a certificate of data destruction is less than what most people spend on a few fancy coffees, and nothing compared to a $50,000 fine imposed for a HIPAA breach.
Why put your practice and reputation at risk? Contact us today to find out how we can help you put compliance plans in place and properly dispose of your data-containing devices.