A hospital in Hartford, Connecticut and the EMC Corporation, a company that sells data storage, cloud computing, and information security were recently charged a fine of $90,000 following the theft of an unencrypted laptop from an EMC employee’s home in 2012. The laptop contained the personal information of 8,883 Connecticut residents, according to PCWorld.
The data that was being stored on the laptop was protected under HIPAA, which the employee, EMC, and Hartford Hospital violated. The two companies are being fined $90,000 because they failed to reasonably protect that information. EMC has also been ordered to tighten its encryption policies when Protected Health Information (PHI) is stored on laptops and when it is transferred across networks and Wi-Fi.
The hospital also must commit to training its employees about security and privacy. The hospital will have new procedures in place that require hardware and software encryption. They must report to the state’s attorney general at regular intervals to demonstrate their adherence to these new policies, according to Hot for Security.
To sum it up, the hospital must pay a substantial amount of money and they are on probation all because an employee took a laptop with private information home.
This recent news story demonstrates the importance of protecting the personal information of patients and the severity of the punishments when HIPAA guidelines are broken. Hospitals and other healthcare facilities store some of the most sensitive information about people. Patients expect for that information to be kept safe and private. Patients place a large amount of trust on their doctors’ offices.
But should they?
Personal information has become scarily easy for criminals to obtain, especially when healthcare organizations are not doing their job when it comes to protecting that information. However, HIPAA can be extremely confusing to understand and abide by, especially when technologies are changing so rapidly.
But the confusion that HIPAA causes is no excuse. If an organization is storing the personal information of individuals, they must protect it in every way possible. No ifs, ands, or buts. Once and audit, a data breach, or a theft does happen, the healthcare organization is responsible for the consequences of unsecured information. The example above demonstrates this perfectly.
With the ever-changing technologies, the increasing reliance on electronic records, and the tightening of HIPAA guidelines, how does a healthcare organization find the time and resources to follow the rules? They hire a managed service provider who has the experience and knowledge to help healthcare facilities protect their electronic information.
An MSP will not only maintain and update your physical technology and hardware (such as servers, workstations, and laptops) but they will also make sure that your software and your information is protected from any sort of threat: from viruses to theft and from environmental dangers to full-on data breaches. They proactively (as opposed to reactively) take care of your technology in order to prevent future problems.
An MSP with experience in the healthcare industry will know and understand HIPAA guidelines and they will make sure you are following them. At catmandu, we take care of our clients so you can take care of your patients. Our managed service clients enjoy 24/7 network monitoring, remote support, backup and disaster recovery, and more perks.
Oh, and hiring a managed service provider (which comes with a whole team of qualified technicians) is less expensive than hiring just one full-time IT staff member.
It makes sense. To learn more about what we can do for your company, fill out this form for a free network assessment.