Confidential 1It’s difficult being on the receiving end of a HIPAA violation; just ask any one of the many healthcare providers who have mistakenly lost patient information, either through a breach in the firewall, a lost or stolen laptop or a lost CD with medical imaging burned into it.

The problem isn’t unique to American providers – Great Britain has also seen its share of cases, including one where the National Health Services (NHS) apparently lost track of 1.8 million patient records in a 12-month span. That’s a total of 5,000 records missing on a daily basis. The NHS also allegedly sent details on terminally ill patients via fax to the wrong number. What was the cost of these violations, you ask? More than £1 million ($1.7 million U.S.).

Mistakes happen, but when patient information is part of the mistake, punishments are handed down quickly. If an individual violates a HIPAA rule unknowingly and can prove that they couldn’t have known they were violating the law, they are subject to $100 per violation to a maximum of $25,000 for repeat violations. Maximum annual penalties like this can go up to $1.5 million per year. Violations made due to a reasonable cause and not due to willful neglect can garner a $1,000 per violation fine. Willful neglect where the violation is corrected can cost $10,000 per violation. Willful neglect that goes unfixed will cost a healthcare provider $50,000 per violation.

In May, the U.S. Department of Health & Human Services reported that two health care organizations agreed to a settlement on their violations that totaled $4.8 million, which is the largest HIPAA settlement to date. In this case, 6,800 individuals, including patient status, medications, laboratory results and vital signs were all disclosed.

In April, the agency reported that $1.9 million in fines were paid for HIPAA security rules violations. In this case, unencrypted laptop computers were stolen as well as other mobile devices, all of which had confidential patient information on them.

Most people guard their expensive laptop computers fairly vigilantly; however, less expensive items like CDs get less protection, even when they contain confidential patient information. Many radiology departments rely on their CD burning technology to provide medial images to patients or to their physicians, either by hand or through the mail. These flimsy discs can be quite a liability if they get into the wrong hands.

The solution that some providers are going to is called virtual CD. The virtual CD utilizes no CD burning technology – instead the technology is all in the cloud.  Without a doubt many critical access hospitals and clinics, as well as larger facilities, are working through challenges with silos of data and new requirements for managing it. At the core of the problem is the reality that existing systems weren’t established with the end outcome of linking up numerous image systems and numerous patient image across physicians and hospitals, but the solution is available in the virtual CD format. Based on truly Vendor Neutral Archiving, organizations who manage their data seamlessly in a virtual CD environment can not only prevent data disasters, but also increase patient diagnosis and care while reducing workflow problems that have been associated with PACS-based images.

OffSite Image Management, Inc., offers the virtual CD to its clients who know that having quick access to patient information is the key to providing better healthcare to the patient. All images are shared over a secure and encrypted connection that can be viewed on any device. For more information about OffSite’s approach to security, visit us online at offsiteimagemgt.com/.