Among other things, HIPAA protects patients’ health information.
Anthem, the largest US insurance company, had to learn this the hard way.
What started with a simple phishing email led to the biggest healthcare data breach in history. The hackers stole the data of 79 million patients. The information included their names, social security numbers, and medical IDs.
The enraged patients sued Anthem and won a $115 million settlement. Although the company avoided the regulator’s fines, it would have to spend up to $260 million to improve its security.
The HHS Office for Civil Rights (OCR) oversees HIPAA compliance. In 2017 alone, it fined US health care providers almost $20 million.
Even if you’re a small organization, neglecting HIPAA requirements can lead to serious problems.
In 2013, Fresenius Medical Care North America had five data breaches. Combined, they exposed the data of just 525 patients. But the company had to pay a monstrous $3.5 million fine because it had not properly analyzed its security risks.