Technical advances have changed medicine in ways we couldn’t have imagined even 20 years ago. We have robots that can assist with surgery, lasers that can destroy tumors without ever opening the skin, and electronic health records that allow doctors at different locations to access the same patient’s medical records instantaneously and provide the best care possible.
Unfortunately, due to the nature of these networked devices, these technical advances also come with a host of potential legal problems.
How can tech cause legal problems for those in health care, and how can medical professionals adopt these new technologies while still protecting themselves?
HIPAA Violations Cost
The Health Insurance Portability and Accountability Act, or HIPAA, was created to define privacy standards for patient information. It provides guidelines for everyone in the medical profession, from nurses and doctors to insurance providers and everyone in between, all with one goal in mind: protecting patient information and ensuring patients’ privacy.
The fines accompanying a HIPAA violation can be crippling, especially for a small or independent practice. Individual penalties vary between $100 and $50,000 per violation, with a maximum penalty of $1.5 million in fines per year. Depending on the type of violation and whether it was committed knowingly or unknowingly, criminal charges can also be brought against the professionals involved.
Between the fines, the potential criminal charges and the potential damage to a practice’s reputation, it’s always important to check if you’re HIPAA compliant, and if you aren’t, to correct any violations as quickly as possible.
Text Messaging in a Medical Setting
Nearly everyone uses text messaging now—whether you’re sending a message to your friend or letting your boss know you’re going to be late for work, it’s a fantastic tool for quick communication. This is also why, for a short time, it was a useful tool for medical professionals to communicate patient orders and information.
Due to a lack of usable security protocols, texting was banned in 2011. Essentially, it was impossible to ensure the text messages were being sent to the proper individuals, and it was not possible to ensure the patient information was being kept secure. Each text message sent was a potential HIPAA violation, so the practice was banned.
In May of 2016, medical text messaging was allowed as long as patient orders weren’t the subject of the text. The theory was that in the intervening five years, technology had advanced enough to allow these text messages to be secured. But after six months of testing, it was determined that there wasn’t enough time for these security protocols to be safely implemented, so the practice was banned again in December of that year.
The Problem of Networked Systems
Networked systems provide efficient tools to allow health care professionals to provide the best care possible for their patients, but they present the same problem that any networked system presents—security. While it is possible to secure a system such as this, there is always the possibility of a hacker finding a flaw or backdoor that allows them to access private patient information.
This is becoming more common than many people believe—for hackers, patient information is more valuable than credit card information or a person’s identity because it’s not monitored as closely. People check their credit report. They check their credit card and bank statements for fraudulent transactions. They don’t often check their medical records to see if equipment, medication or procedures have been prescribed to them that they don’t remember, allowing thieves to make thousands of dollars or more before the leak is discovered.
Older technology is also putting patient information at risk. Equipment that uses older operating systems, especially ones that are no longer supported by their creators, is at risk because as the technology ages, more security holes can develop. The WannaCry hack that took down computers in hospitals all over the world earlier this year is the perfect example of this — the hackers took advantage of equipment running older, unsupported operating systems.
In this case, it was Windows XP, an operating system Microsoft stopped supporting in 2014. By exploiting code that allowed files to be uploaded to drop boxes and other file-sharing sites without the user’s permission, the malware was able to spread to hundreds of thousands of computers virtually unchecked.
Advanced technology may be a great tool, but it requires advanced security to ensure HIPAA compliance.
Tech is a great way to provide better patient care, but it needs to be adopted in a manner that allows health care professionals to protect their patients’ information as well as themselves.
HIPAA violations come with monetary fines and even criminal charges, depending on the severity of the breach and how much was known about the breach at the time. Protect your patients, your clients and yourself by ensuring you are HIPAA compliant at all times.