ePHI: Avoiding the HHS Limelight
A much-touted HHS/OCR ruling regarding a small Arizona cardiology practice underscores the importance of strong compliance with HIPAA privacy and security regulations. As we mentioned in our recent post “Physicians & Social Media: Responsible Online Patient Interactions,” protection of ePHI is paramount when communicating with patients via mobile technology. Note that the HHS Resolution Agreement mentions text messaging specifically (pp. 8 & 9).
The Arizona practice failed in several key areas, not least in properly training its employees on privacy and security compliance. The patients paid the price of privacy infringement, and the practice has paid much more than the $100,000 penalty fee: its violations have been referenced in a multitude of online publications and short blogs for over a month now. For a small practice, such a blow to reputation can be devastating.
Healthcare organizations, and indeed any organization handling PHI, must ensure that the proper safeguards and vendor agreements are in place. HHS is paying attention to organizations of all sizes, not only the large health systems and insurance carriers.
Source: http://www.hhs.gov/news/press/2012pres/04/20120417a.html