HIPAA violations pose a very real threat for today’s healthcare organizations and independent group practices. But there are also a lot of misconceptions floating around. With patient privacy (and your business) on the line, you can’t afford to be misinformed. Check out these common myths.
Common Misconceptions About HIPAA Violations:
Misconception #1: I’m too small to be a target.
Actually, small and midsize businesses face the same cyber threats as large enterprises but have a fraction of the budget to deal with them. According to references in this report, more than 40% of small businesses don’t have an adequate IT security budget. That means smaller businesses are more likely (not less) to be at risk for HIPAA breaches.
Misconception #2: HIPAA violations are no big deal.
Not true. If your healthcare organization or group practice has a data breach or HIPAA violation, you risk hefty fines (which increased in 2020), civil penalties and public scrutiny on the Department of Health and Human Services (HHS) “Wall of Shame.” These repercussions can have a serious (and costly) impact on your organization’s business and reputation.
Misconception #3: I can’t afford to be HIPAA compliant.
Yes, you may need to spend some money bringing your organization into compliance, but the hard reality is that the cost of non-compliance is simply too steep. According to this report, while the cost of a HIPAA audit itself could be tens of thousands of dollars, the fines for non-compliance can range in the millions.
Misconception #4: I’m not a physician provider group, so I don’t need to worry about HIPAA compliance.
In reality, HIPAA applies not only to all “covered entities” (e.g., health plans, healthcare providers and healthcare clearinghouses), but also to their business associates (i.e., third parties that perform certain functions like claims processing, administration or storage of personal health information). Even if you’re simply a “business associate” of a healthcare organization, you need to be HIPAA compliant.
Misconception #5: My IT partner doesn’t need to follow the same HIPAA compliance rules.
Wrong. Outsourced IT partners and data hosting providers (like Proxios) are considered “business associates”. This means they must follow all the same HIPAA regulations and strict security requirements as their healthcare clients. They must be just as well versed on cybersecurity and protection of these critical data records.
Misconception #6: HIPAA Violations are not going to happen to me.
Actually, you can’t be so sure. The organizations on the HIPAA Breach List (aka the HHS “Wall of Shame”) may have had the same idea—and are now paying the price. When you consider the potential consequences of a HIPAA violation, including stiff penalties, broken patient trust, and potential loss of business, it’s easy to see why it’s better to be safe than sorry.