HIPAA Compliance and Cybersecurity with Gavin Kent


Technology is important. Think about it based on your patient’s or client’s perspective…
– 62% of patients want to communicate with providers by e-mail.
– 61% of patients say digital service is important when choosing a physician.
– 64% of patients would schedule online.
– 2 out of 3 patients would switch providers for access to medical records online.

Reputation goes hand in hand with technology. When most people look for, let’s say a new doctor, they search not only by word of mouth but also by online reviews. You don’t want to risk having damaging reviews based on a lack of proper technology.

How do patients feel about HIPAA?
– 68% of people are not confident that their healthcare providers protect their medical records.
– 53% of people who had an identity theft case believe their providers’ negligence caused or at least contributed to their case.

Not only do you have to be secure and compliant, but you also have to make sure you’re conveying that to your patients / clients so they know it, too.

Breach stats…
– On average, 17k medical records are breached per day.
– 89% of healthcare organizations have experienced a breach over the last 2 years.
– 86% of mistakes are administrative.

The Wall of Shame: where HIPAA breaches and violations are recorded. Organizations typically land there for:
– Failing to assess all risks.
– Lacking administrative policies and procedures.
– Failing to have a BAA (Business Associate Agreement).

The average fine is $1,500,000!

Five key predictors of patient loyalty:
1) Overall satisfaction.
2) Reputation.
3) Satisfaction with problem resolution.
4) Staff following through with what they say they will do.
5) Staff treating patients with dignity and respect.

The three rules involving HIPAA:
1) Privacy rule: sets standards for when PHI may be used and disclosed.
2) Security rule: requires safeguards to ensure that only those who should have access to ePHI can access it, and no one else. (This rule involves three audits: a security/technical audit, a physical audit, and an administrative and privacy audit.)
3) Omnibus rule: covers breach notification and business associate requirements.

Being secure is different from being compliant. Having proper security measures in place doesn’t mean you are meeting all of the compliance regulations; you may still be only partially compliant.