Avoid Millions in HIPAA Violation Fines.
As many of you know, the Security Rule requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting ePHI. Fines for violating the rule range from $100 per violation for reasonable diligence to $10,000 per violation for willful neglect. The fine for willful neglect that goes uncorrected for more than 30 days is $50,000 per violation.
It adds up. Just ask the University of Texas MD Anderson Cancer Center as it prepares to pay $4.3 million in civil monetary penalties for HIPAA violations. OCR accused MD Anderson of violating the HIPAA Privacy and Security Rules after it failed to encrypt devices that handled ePHI. More than 33,500 individuals had their information exposed when a laptop and thumb drives were lost in 2012 and 2013.
If you work in healthcare, this is your worst nightmare. So how do you protect your organization? Luckily, the MD Anderson case provides new information that can help you improve your privacy and security program.
Watch Marcie Swenson's on-demand webinar, MD Anderson: How Their Mistakes Could Improve Your Privacy and Security Program, to learn how to protect your organization from thousands or millions in fines. The webinar covers:
- The OCR Investigation Process, Notice of Proposed Determination, and the ALJ’s Summary Judgement Decision
- How Thorough and Regular Privacy and Security Risk Analysis and Risk Management is the Preeminent Way to Keep the OCR at Bay
- How to Ensure You Meet Simple Security Rule Requirements That Were Skipped by MD Anderson
- Specific Solutions That You Can Implement to Avoid Making “MD Anderson” Mistakes