Healthcare compliance is now firmly an IT issue – and that’s not going to change. Now that even our most sensitive health information is digital, IT and data experts need to be involved in all significant compliance issues for healthcare companies. But healthcare is also a business, and businesses tend to lag behind when it comes to doing things they should do. Consider this your wake-up call from IT: Here’s why your health data needs more attention.
1. Compliance Penalties Are On Your Head
It’s good to understand how important compliance is, and even to hire with that in mind, but too many companies don’t truly realize what is at stake. This isn’t just about reputation or loyalty or a slap on the wrist: The penalties that follow healthcare compliance failures are very real, and they can drown a new company with a single mistake. Penalties are even worse if the healthcare business is connected with public works or funding.
Take the Metro Community Provider Network of Denver, CO. The company was recently exposed to a phishing attack (the kind that comes from fake messages) that allowed a hacker to access employee email accounts. Through those email accounts, the hacker was able to access ePHI (electronic protected health information) of more than 3,000 patients. This was a disaster, and it was in violation of the HIPAA Security Rule, which states that risk assessments must be conducted and that cybersecurity must be implemented to help protect data. The network was hit with a $400,000 penalty, a corrective action plan, and a warning that they were lucky to not lose their federal qualification.
So silly mistakes, like allowing ePHI to be accessed by email or not training employees on the basics of avoiding phishing attacks, do have a very real cost. It doesn’t take much for a hacker to access sensitive information in a system that’s not prepared – and healthcare info is especially easy to sell on the dark web, so don’t think that you aren’t a target.
2. Requirements Can Change Quickly
In IT, we’re used to sudden adjustments: When a data breach occurs, every minute is important. When a new vulnerability in a system or device is discovered, action needs to be taken in days or weeks to move and protect data. Data emergencies are met with immediate plans, and often lead to thorough workplace changes when the damage is great enough.
We know it’s difficult for many healthcare companies to get into this mindset. HIPAA and ICD changes roll out in a timeframe of years, typically with multi-year extensions added onto that. It takes a long time for things to change – and that’s a big problem, because now that healthcare data is online, the issue of data security is immediate. Important audits and changes need to happen in months, not years. Data vulnerabilities need to be addressed immediately, not delayed. It’s time to shift to a much higher gear when it comes to implementing changes.
3. Your Payment Systems Are Behind the Times
Healthcare payment options have started to evolve, which is good. Credit card payments are now common, and credit card processing is now largely electronic. The bad news is that healthcare is still far behind most industries when it comes to payment systems, and the difference is starting to show. Credit card systems in healthcare are in need of important updates, better revenue reporting, and far more security measures. This needs to extend to other payment options that use online accounts as well.
4. MACRA Is Here, and It’s a Great Opportunity
The Medicare Access and CHIP Reauthorization Act (MACRA) is altering the way that Medicare payments to physicians work, putting a greater focus on data reporting and records. Most requirements go into effect in 2017: We cannot overstate how great an opportunity this is to redesign your data systems for greater security and usability. Bring in compliance and IT experts to revamp your approach to data now.
5. Mobile Is Shiny, Not Safe
Mobile solutions are very popular in healthcare right now, because they are very new, and everyone likes the idea of using a mobile device. But here’s the truth: No matter how excited vendors are or how robust security may be, mobile devices aren’t very safe. They are, in fact, particularly vulnerable to hacks and data theft. While it’s all right to get excited about mobile data, it’s important to remember security requirements, and avoid storing any information on mobile devices that you don’t want to lose.
6. Fraud Is on the Rise
Healthcare fraud, especially when it comes to programs like Medicare, is growing quickly. That means greater scrutiny from government agencies – it also means that Medicare documentation and other checks and balances are more important than ever. Data automation and increased security are the best ways to deal with this. Don’t let these new, electronically savvy fraudsters take advantage of your company: Prepare for them.
Does your San Francisco healthcare system need a shot in the arm? Let Where To Start know how we can help! Contact us at firstname.lastname@example.org to talk about our latest data security consultations and services.