Whether you manage back-end server security or the clinical side of technology, as an IT director you know it's crucial to protect the privacy of the patients in your system. That protection starts with the tools doctors, nurses and other medical professionals use to communicate with each other and with their patients. Every message that carries protected health information (PHI) must comply with the Health Insurance Portability and Accountability Act (HIPAA), and with the transition from paper to electronic health records, an unsecured message now exposes far more data, so a breach is both more likely and more costly than it was in the paper era.
IT heads must keep up with the latest technologies to avoid these five disastrous consequences of using non-HIPAA-compliant messaging:
1. Increased risk of security breaches
You may have the most up-to-date security system, but all it takes is one unsecured message to spark a data breach or a lawsuit. According to a Washington Post analysis of U.S. Department of Health and Human Services data, more than 120 million patients have been affected by more than 1,100 health data breaches since 2009. The causes range from misconfigurations that leave unencrypted data indexed by search engines to deliberate theft by insiders. HIPAA-compliant messaging, with encryption in transit and at rest and access controls on every message, remains the first line of defense.
2. Higher IT or administrative costs
In the event of a malicious insider or a data breach, expect your response and remediation efforts to exact a heavy toll. The average cost of a single data breach resulting in lost or stolen records rose 23 percent since 2013 to reach $3.8 million, according to the 2015 Cost of Data Breach Study by the Ponemon Institute, sponsored by IBM. Beyond patching the vulnerabilities in your compromised systems, you'll either add to your existing IT team or hire an external forensics and auditing firm to investigate and resolve the breach, which pushes your costs up significantly. There may also be further costs for patient communication and identity theft protection if your organization opens a hotline for affected patients or offers them credit monitoring.
3. Huge fines by the HHS
Along with the expenses of data breach response and remediation, you may also face penalties from the U.S. Department of Health & Human Services for failing to implement the technical safeguards the HIPAA Security Rule requires, which is exactly what non-HIPAA-compliant messaging amounts to. In 2014, the HHS Office for Civil Rights reached a combined $4.8 million settlement with two New York healthcare systems over a 2010 data breach. The breach affected thousands of patients, exposing their protected health information, including medications and lab results, due to "a lack of technical safeguards."
4. Damaged reputation and drop in patient confidence
After a data breach occurs, your organization's name may be splashed across headlines in both local and national news outlets. That bad press is likely to damage your health system's reputation, eroding patient confidence and perhaps even reducing patient visits down the road. Like the customers of any company hit by a data breach, patients will want to avoid organizations plagued by security failures.
5. Termination by your employer
Someone usually has to take the fall after a major security breach, so a job loss is a real possibility. By keeping your systems current and standardizing on secure, HIPAA-compliant messaging, you can worry less about your own job security.
To avoid these consequences and the costly breaches behind them, ensure your messaging tools and technology are up to date and provide the protection necessary to keep protected health information safe.