The unfortunate reality is that most instances of hacking occur from within a company itself. It’s true that the high-profile cases that make the news are successful breaches from outside the company, but the statistics bear out the fact that this is less common than internal breaches.
Recently, an employee of Tampa General Hospital was not only responsible for a variety of HIPAA violations, but was actually sentenced to, and is serving, jail time for the breach, underscoring just how critical proper data security procedures and employee vetting are in instances like these.
In the case in question, the employee, who had access to sensitive information for thousands of patients, used it improperly, filing at least 29 bogus tax returns requesting refunds totaling nearly a quarter of a million dollars.
She’s not alone. In fact, the Department of Justice has displayed a new eagerness to go after HIPAA violations, adding yet more teeth to the already severe fines companies can face when violations are found.
With this in mind, it’s clear that proper employee training isn’t enough. It’s clear that having robust data handling procedures isn’t enough either, at least not by itself. Had the hospital had sufficient auditing procedures in place, it’s very likely that they could have detected the improper access of patient data in time to catch the employee before any damage could be done.
If you deal with HIPAA regulations in the conduct of your business, you know how challenging it can be just to meet the minimum standards in place, but as cases like these indicate, you need to go above and beyond even that high bar. We can help. If you’re concerned about your company’s data handling procedures and want to make sure you’re doing all that you can to ensure compliance, contact us today and we’ll assign a member of our knowledgeable team to you, perform an assessment of your current procedures, and help ensure you are, and remain, fully compliant with the law.