An initial Health Insurance Portability and Accountability Act (HIPAA) audit program conducted by the Department of Health and Human Services in 2012 found a variety of HIPAA privacy and security problems. The initial findings, released in June, revealed security challenges at larger healthcare organizations, difficulty mitigating the risks posed by third-party service providers, and serious compliance failures at smaller, cash-strapped providers. Organizations that do not maintain a security program face loss of contracts, criminal and civil investigation, federal penalties and state fines. A data breach could also result in reputational damage, legal costs and the costs incurred in notifying patients.
Here are five HIPAA requirements that organizations must comply with, as well as advice from security experts on how to meet those requirements.