They say you never know until it hits you. Whoever “they” are, they have a point, especially when the “it” is a failure to protect someone’s personal, protected health information (PHI). Once that data is exposed, the genie is out of the bottle, and the impact can be staggering.
Just ask Advocate Health Care, which paid a $5.5 million settlement to the Office for Civil Rights (OCR) over three separate 2013 breaches affecting about 4 million patient records. Among the security lapses: an unencrypted laptop holding patient records was stolen from an employee’s car.
The regulatory penalties for HIPAA violations are costly ($100 to $50,000 per violation, scaled to your degree of negligence, such as failing to perform risk assessments or to encrypt devices), but the real issue is your patients’ welfare. If their protected health information becomes public, the harm to them is personal. You will have lost the trust of someone you swore to “do no harm” to, and they may well take legal action against you for damages.