The Cost for HIPAA Violation
With an estimated 80% of medical professionals now using personal mobile devices, a considerable risk exists that PHI may be accessed by unauthorized personnel. Most messaging apps on mobile devices have no login or logout requirements, and if a mobile device is lost or stolen, messages containing PHI could be released into the public domain.
Rheumatologists must implement safeguards against any HIPAA violation. The fines for a breach can be considerable. The federal fines for noncompliance are based on the level of perceived negligence found within your organization at the time of the HIPAA violation. Fines for HIPAA violations can range from $100 per day or per record to $50,000 per day or per record, with a maximum penalty of $1.5 million per year for each violation.
Healthcare organizations that turn a blind eye to texting in violation of HIPAA can also face civil charges from the patients whose data have been exposed if the breach results in identity theft or other fraud.
For questions or training on HIPAA (including an explanation and examples of the healthcare message exemption), contact the ACR Practice Management Department at [email protected].