
Could Your Data Backup and PHI Storage Practices Place Your Clinical Facility Under Risk of Federal Fines of up to $1,500,000 Under the HITECH Act of 2009?

The Act

The Health Information Technology for Economic and Clinical Health (HITECH) Act was enacted on February 17, 2009, as Title XIII of Division A and Title IV of Division B of the American Recovery and Reinvestment Act of 2009 (ARRA) (Pub. L. 111–5).

The Great News!

For many physicians this was welcome news, as it provided reimbursement funding from the Federal government for the acquisition of Electronic Medical Records systems and other related technologies.

The Risks for Physicians

The Act mandates the steps physicians must take in the event that their electronic PHI is compromised, whether through neglect, acts of G-d or criminal activity. It is the responsibility of every physician to protect patient PHI at all times. The data must be encrypted whenever necessary to protect patient information, as defined in HIPAA. Physicians can be held liable for PHI being compromised regardless of the reason.

The Act, at section 13402(h), defines “unsecured protected health information” to mean PHI that is not secured through the use of a technology or methodology specified by the Secretary in guidance.

How Much Does a PHI Breach Event Cost? A Case Study

Who breached: University of Utah Hospitals and Clinics

Number affected: 2,200,000 patients

Information breached: Social Security numbers & billing records

How: Backup tapes stolen from delivery vehicle

Event details: A courier delivering billing records on backup tapes to a storage center failed to drop off the records immediately. Instead, he went to work a second job and then went home. The records were stolen from the vehicle.

Actual costs associated with the event:

Mail notification (stamps and envelopes): $500,000.00

1-year credit monitoring for affected patients: $22,000,000.00

Total cost: $22,500,000.00

Could Your Practice Be The Next “University Hospital”?

YES! If Your Practice Conducts Backups With One Of These Unencrypted Methods:

  • Flash Drive: Elevated Risk
  • Backup Tape: Elevated Risk
  • CD-R: Elevated Risk
  • External Hard Drive: Elevated Risk

All these methods are easy to steal, easy to destroy, easy to forget and easy to lose.

Many healthcare practices use these methods to create backup sets of their PHI in accordance with CLIA and CMS regulations. The regulations mandate the safeguarding of PHI for a period of no less than 10 years in the most stringent states.

These methods are commonplace and create unimaginably high levels of exposure for physicians and healthcare practices alike. There are countless reports of disgruntled employees losing, misplacing, and erasing patient data.

The Penalties

Tier A
$100 per violation, not to exceed $25,000 (per calendar year), for violations in which the healthcare entity did not realize it had violated the Act and would have acted differently had it known.

Tier B
$1,000 per violation, not to exceed $100,000 (per calendar year), for violations due to reasonable cause that cannot be construed as “willful neglect.”

Tier C
$10,000 per violation, not to exceed $250,000 (per calendar year), for violations due to willful neglect that were eventually corrected by the healthcare entity.

Tier D
$50,000 per violation, not to exceed $1,500,000 (per calendar year), for violations due to willful neglect that the organization did not correct.

Being a “cybercrime statistic” → VERY expensive

“Doing it right” → Affordable, efficient and safe!

Mitigating the Risks and Creating a More Robust and Dependable Medical Practice

Fortunately, being proactive, compliant and low risk is easier and cheaper than ever!

Benefits

Savings

  • No daily employee involvement required
  • No more annoying tape drives
  • No need to take backup tapes home or lock them up, and employees are not walking the streets with the clinic’s patient data
  • No more employee hours required to run backups
  • Data is stored in an encrypted state in accordance with HIPAA and HITECH (powerful and safe 128-bit Twofish encryption)
  • Changing technologies: your data is recoverable regardless of technology changes
  • Maintain as many versions of the data as required without ever changing media

Disaster recovery measures

  • Encrypted data is stored in a hurricane-proof data center with multiple redundancies
  • No more expensive backup-tape-drive maintenance contracts

Receive a Complimentary Network Audit

One of the great benefits of our no-commitment audit is the 23-point Network Audit. Our data security experts will review your entire computer system and provide you with a full report on the clinic’s “IT health”. The audit will cover servers, desktops, hubs and switches, printers and telephony.

Why Should You Care About This?

Because there are at least 7 ways hackers and viruses can access your network and clinic data undetected! Once they are in, they are free to:

  • Embezzle all your data (customers, contacts, financials)
  • Steal your identity
  • Download and sell your PHI
  • Distribute spam and viruses, and carry out other illegal actions

There are 17 regular maintenance checks and updates that need to be performed on servers to ensure they don’t slow down, become unstable, or become susceptible to viruses, spyware and hackers.

Unstable systems lead to clinic downtime and lost productivity.

Save money on IT maintenance, hardware productivity and much, much more!

But you can’t save if you don’t call!

The Next Step

Call BlueLight IT for a FREE, NO-COMMITMENT audit: 561-282-2225

Also Visit us at www.bluelightit.com