The Health Insurance Portability and Accountability Act, also known as HIPAA, sets the standard for healthcare data protection in the United States. The information regulated by HIPAA is called protected health information, or PHI. This directly affects hospitals and clinics, assisted living communities, human resources personnel files (FMLA and ADA records), and the technology that stores or transmits health data today.
Now more than ever, we are technology driven in just about every aspect of our lives: millions of people use fitness trackers and smartwatches that record and track biometric data. Apps on phones and tablets also maintain and store health information, and the range of such devices keeps evolving. Even Amazon's Alexa voice-activated assistant has become HIPAA compliant.
Beyond the obvious confidentiality reasons, fraud built on inadequately protected health information is a billion-dollar industry. The fines associated with HIPAA violations can be as high as $25,000.00 per instance. In 2018, the University of Texas MD Anderson Cancer Center was given a penalty of $4.3M for HIPAA violations by the Department of Health and Human Services (HHS) for failing to protect health information. Another HIPAA violation case that made headlines involved a former nurse who stole protected health information from over 105 patients and filed fraudulent tax claims with the IRS totaling over $1M.
Internal snooping can bring fines and embarrassment as well. In 2019, Northwestern Memorial Hospital fired dozens of employees for violating HIPAA and its institutional patient-privacy guidelines after it was determined that they had illegally accessed the medical files of actor Jussie Smollett, who was treated and released during a high-profile case that gained national attention. In 2008, UCLA fired 13 employees and suspended six others for accessing the medical records of pop star Britney Spears.
Again, healthcare organizations are not the only ones that need to be HIPAA compliant. Any organization, entity, vendor, or individual with potential access to PHI must be compliant. This includes billing companies, human resources departments, insurance providers, shredding services, IT service providers, email encryption services, and cloud or physical storage providers, all of which should ensure HIPAA training, education, and awareness. Likewise, any company that offers technology that monitors, records, tracks, or analyzes biometric activity needs to ensure its devices operate in compliance with HIPAA guidelines and the Security Rule.
Companies need employees who are knowledgeable about HIPAA to help enforce and ensure HIPAA compliance enterprise-wide. The best way to recruit and screen HIPAA specialists is to administer HIPAA assessment tests that confirm the candidate understands the HIPAA rules, such as the Privacy Rule, the Security Rule, the Omnibus Rule, and the Breach Notification Rule.
eSkill is the #1 skills assessment test provider to healthcare organizations. Use HIPAA tests to build more competent organizational practices, culture, and communications around HIPAA compliance.