Ensuring HIPAA Compliance with Tapal Online Backup and Archiving Services.

Patient privacy has become a major topic of concern over the past several years. With the majority of patient information being transferred over to digital format to improve the convenience, efficiency and cost of storing the data, organizations expose themselves to certain risks.

These risks include the possibility of damage to the computers storing the information by natural disaster or human mishandling, corruption by virus attacks, and even stolen data by unauthorized personnel. Prior to the institution of the Health Insurance Portability and Accountability Act (“HIPAA”) by Congress in 1996, there were no universal standards set in place to identify whether or not a healthcare provider was properly securing patient information. HIPAA was designed to reduce the administrative costs of healthcare, to promote the confidentiality and portability of patient records, to develop standards for consistency in the health care industry, and to provide an incentive for electronic communications. With these standards in place, organizations better protect their systems, and patients can feel confident that their personal medical information will remain private.

Virtually all healthcare organizations are affected by the HIPAA standards. This act applies to any health care provider, health plan or clearinghouse (collectively “Covered Entities”) that electronically maintains or transmits health information pertaining to patients. If you are a Covered Entity, you must establish appropriate measures that address the physical, technical and administrative components of patient data privacy. With the exception of small health plans, all Covered Entities must have had data security standards in place and operational by April 21, 2005, when the Standards for the Security of Electronic Protected Health Information (the “Security Rule”) of HIPAA went into effect for health care providers. Small health plans were exempted until April 21, 2006. The Security Rule requires health care providers to put in place certain administrative, physical and technical safeguards for electronic patient data. Among other things, Covered Entities will be required to have a Data Backup Plan, a Disaster Recovery Plan, and an Emergency Mode Operation Plan.

Why should your organization be concerned with this compliance? Simply put, every patient cares about the privacy and integrity of their health information. More and more people are becoming aware of their rights to keep that data private and are taking action when that data is compromised. With today’s dilemma of identity theft, protecting personal information stored in digital format is critical. Baseline magazine reports that more than 90 percent of data breaches in 2006 were in digital form and some 40 percent of publicly disclosed security breaches were caused by hackers or insider access, specifically targeting sensitive personal information ¹.

The FBI reported in 2006 that the average cost per data breach has reached $4.8 billion and since February 2005, 93.8 million personal records have been reported lost or stolen. With these statistics in mind, you see that not only is data protection vital in protecting individual patients, it is also cost-effective for organizations. By complying with HIPAA standards, you can prevent security breaches to maintain trust in your customers as well as avoid financial loss.

What happens to organizations that do not secure their electronic protected health information (EPHI)? HIPAA is now the law and carries serious penalties for non-compliance. Civil penalties are $100 per violation, up to $25,000 per year for each requirement violated. Criminal penalties range from $50,000 in fines and one year in prison up to $250,000 in fines and 10 years in jail. Non-compliant organizations also face other serious consequences such as losing customers and business partners who refrain from working with companies who do not sufficiently safeguard their EPHI. Additionally, these organizations can suffer from negative publicity and legal liabilities.

After reading this white paper, you will better understand the HIPAA data security standards and can then compare your organization’s security with the current requirements. You will also learn how the Tapal online data backup, archiving and recovery service complies with HIPAA and can help you take a proactive approach to securing your organization’s private data.