Electronic health record systems have become an essential component of most medical practices. Whether you are working at a hospital, an ASC or in your office, you’re working in a digital world. This will only expand as health information exchanges and patient portals are implemented. In this digital age, practice comes with significant risk of "cyber attack," which could result in a breach of protected health information (PHI) and the associated penalties. As of December 2012, there had been almost 500 breaches affecting more than 21 million patient records. Since July 2011, physician practices have been the most frequently breached organizational type.
Internal processes to prevent breaches of data are imperative for your practice. Do you have a designated HIPAA security professional? Who in your practice is knowledgeable about cyber security? Do you perform background security checks on prospective employees? Are you using cellphones to transmit PHI to other members of your practice?
Physicians are required to develop and maintain a compliance program in their practice under the Affordable Care Act (ACA). While the federal government has yet to release guidelines on what these compliance programs should look like, Section 6401 of the ACA requires that all providers and suppliers institute formal compliance programs. New practices will no longer be able to enroll in Medicare or Medicaid without a compliance program in place, and existing practices also will be expected to institute them.
Even the most technologically advanced practices can be vulnerable to a cyber breach. As part of your compliance program, do you have cyber insurance to protect your practice from this liability? The basic components of cyber insurance are detailed in this table. Contact your liability/medical malpractice carriers to see whether you are covered.