With the second round of HIPAA Phase 2 Audits ending around the New Year, many organizations are holding their breath. The third round moves from mere desk audits to more comprehensive site visits, but assuming you’re not picked, you’re out of the woods, right? Not exactly.
The Office of Civil Rights gets nearly 20,000 complaints each year, and they’ve given every indication they’re stepping up enforcement to address customer privacy concerns. And even if you’re running a HIPAA compliant cloud, there are other factors to consider. It’s possible your business partners could make mistakes. This is why it’s very important to have a HIPAA Business Associate Agreement (BAA) in place.
If a hacker steals Protected Health Information (PHI) from your partner’s cloud, they can use patient identities to fraudulently bill health insurers, or perpetrate other types of financial fraud — such as opening an account in the victim’s name.
This can hurt your patients’ credit scores, make it harder for them to receive treatment, and expose them to calls from creditors. And if the thief uses a patient’s identity to seek treatment, it could lead to incorrect health records, posing a serious risk to the patient.
These breaches have consequences for providers as well. A serious corporate security incident can increase regulatory scrutiny. Even if you meet HIPAA compliant file storage requirements and have adequate safeguards, there’s always a chance that an employee could overlook a rule. And if that happens, past complaints could count against you, increasing the settlement fine and remediation requirements.
Build a HIPAA Compliant Cloud That Protects Data Everywhere
Trust is not a control, but your BAA can be if you use it right. HIPAA is technologically neutral — it allows entities to choose their own tools, provided that they meet minimum standards. But there’s no reason your BAA can’t place very specific requirements on your partner’s HIPAA compliant cloud.
With the right secure email and file encryption solution, you can keep PHI safe — even when it’s not in your hands. Data-centric encryption protects emails, attachments and files individually, protecting them from hackers and security lapses by your software providers.
HIPAA Compliant Email and file storage from Virtru Pro has the additional benefit of protecting patient communications, something that portals rarely accomplish, because of dismal adoption rates. Virtru allows you to send encrypted email and attachments directly to patients, who can read and securely respond to them with a few clicks — no installations or new login credentials required.
Virtru Pro also provides G Suite Encryption, adding an extra layer of protection. By combining the G Suite platform with data-centric encryption and data loss prevention (DLP), covered entities can ensure critical levels of security and compliance, regardless of where you or your recipients share your data.