Gajus - Fotolia

Q
Get started Bring yourself up to speed with our introductory content.

Q&A: The main reason healthcare organizations violate HIPAA

The second round of HIPAA audits have commenced, and most likely some healthcare organizations will be found to violate HIPAA. A health IT expert discusses common mistakes.

The second round of HIPAA audits has begun, with the Office for Civil Rights notifying 167 healthcare organizations via email that they will be investigated to see if they are complying with HIPAA.

Healthcare organizations that violate HIPAA have often been dealt hefty fines ranging from hundreds of thousands of dollars to millions. Only time will tell what the results of this second round of HIPAA audits will uncover.

Michael Archuleta, director of IT and HIPAA security officer at Mt. San Rafael Hospital in Trinidad, Colo., predicted that HIPAA violations will continue to rise. In this Q&A, Archuleta discusses why he thinks healthcare organizations will continue to inadvertently violate HIPAA, and what technologies he thinks will help them better achieve HIPAA compliance.

What do you think will be the most common reason healthcare organizations violate HIPAA in this next round of HIPAA audits?

Michael Archuleta, director of IT and HIPAA security officer at Mt. San Rafael Hospital Michael Archuleta

Michael Archuleta: I believe that the most common reason that healthcare organizations violate HIPAA during audits is because most healthcare organizations assume HIPAA compliance to be a one-time project, rather than an around the clock, everyday practice. I've always said that it costs far less to address HIPAA compliance full on and develop a good program, rather than having to justify the defense of the organization and try to mediate penalties from OCR. Therefore, if healthcare organizations continue to think that compliance is a one-time project and continue to refuse to address it with a lack of importance, rather than recognizing it for an ongoing work in progress that is necessary to the overall security of the organization, the numbers of HIPAA violations will continue to rise, especially within this next round of audits. 

What technologies do you think are best suited to help healthcare organizations achieve this "around the clock, everyday practice"?

Archuleta: HIPAA compliance software is a great tool to help your organization stay HIPAA compliant. The way I see it, there are three kinds of solutions on the market today: consultant-based solutions that, in my opinion, leave you exposed over the long term; partial solutions that fail to address everything the regulation entails; and total solutions that address the full extent of the regulation with comprehensive guidance through self-controlled audits. A total compliance solution accounts for all aspects of HIPAA regulation and provides organizations with the support necessary to stay compliant with OCR requirements.

Could you give some specific examples of technologies?

Archuleta: Some specific examples of technologies: HIPAA-based compliance software, encryption [and] secure texting.

Next Steps

What is and isn't covered by HIPAA with wearables

A HIPAA compliance plan for app developers

Start with HIPAA to secure protected health information

This was last published in August 2016

Dig Deeper on Electronic health records security compliance

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

What technologies do your healthcare organizations use to remain HIPAA compliant?
Cancel

-ADS BY GOOGLE

SearchCompliance

SearchCIO

SearchCloudComputing

SearchMobileComputing

SearchSecurity

SearchStorage

Close