Are you doing enough to keep your patients’ personal and medical records secure? One security breach or lapse in adherence to regulatory requirements can mean big trouble for your business. In fact, the total dollar amount of fines levied for non-compliance has more than tripled, from $6.2 million in 2015 to $23.5 million in 2016. This year alone, more than $16.7 million in fines have been levied so far.
Unfortunately, the divide between what is required for compliance and the misconceptions that business owners have about being compliant is wider than ever. In an effort to help bridge that knowledge gap, we’ve put together a list of five major risk areas for compliance failure.
Collection and Use of Personal Data
Rules vary by state, with California having the most rigid stance per its Online Privacy Protection Act. Collecting personal data online often goes hand in hand with email or mobile marketing activities, both of which are strictly governed to protect the recipient.
Protection of Intellectual Property
Make use of registered trademark symbols where authorized to do so, and make sure that you have obtained all appropriate licenses and consents for the use of third-party material, including online images.
Terms and Conditions of Use
The fine print of your website should cover core issues such as liability, content control, governing law and jurisdiction. Simply placing Terms and Conditions (T&Cs) on your website will not bind all users. To have a binding contract, your T&Cs need to be accepted by the user.
Accessibility for Users with Disabilities
The ADA Standards for Accessible Design (2010) set requirements for all electronic and information technology, including websites of private employers with 15 or more people, to ensure accessibility for people with disabilities. Modifications in design and layout should be made to improve usability for those who are blind, deaf, or have mobility issues.
HIPAA and PHI Security
HIPAA sets the standard for protecting sensitive patient data. Any company that deals with protected health information (PHI), electronic or otherwise, must ensure that all the required physical, network, and process security measures are in place and followed. Anyone with access to patient information is subject to HIPAA, including healthcare providers, support staff, subcontractors and business associates.
Don’t Let This Happen To You – Fined $25,000 for Patient Testimonial Violation
In February 2016, after a four-year battle, a small physical therapy office received a $25,000 fine for violating HIPAA. The violation came in the form of a patient testimonial video posted to its website that exposed a patient’s PHI without permission. Don’t let this happen to you! While online testimonials are a great way to attract new patients to your eye care practice, you must make sure they are collected and used in a manner that is compliant.
iMatrix takes your website’s security and the protection of your clients’ data seriously. As a HIPAA-compliant company, we’ve taken the steps to ensure your website, email, data, and client contacts are secure. Contact us if you have questions or concerns about how to make your website compliant.