On January 25, 2013, the Department of Health and Human Services published the final privacy and security regulations under the HIPAA Act of 1996. The final rule became effective on March 26, 2013; however, Covered Entities have until September 23, 2013 to comply. The final omnibus rule has been described as “the most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented.” Penalties are increased for noncompliance based on the level of negligence with a maximum penalty of $1.5 million per violation.
New HIPAA laws have brought a greater awareness among healthcare providers that data security is now more important than ever. According to the Ponemon Institute, the frequency of data breaches in healthcare increased 32 percent in 2011 and cost the industry an estimated $6.5 billion annually. According to the study, 94 percent of healthcare organizations say they have suffered at least one data breach in the past two years, and 45 percent of organizations experienced more than five data breaches each during this same period.
On July 15, 2013, more than 4 million patients of Advocate Medical Group were at risk after four unencrypted computers were stolen from a Park Ridge administrative building. This significant breach is the second-largest HIPAA violation ever reported to the Department of Health and Human Services (HHS). Advocate Medical Group is now facing a class-action lawsuit from patients who claim the group did not do enough to protect their data.
If you would like to speak with a BTRG representative and learn how your company can ensure compliance and reduce risk, contact us today.