We talk about compliance in the data center world all the time. In fact, the idea of being PCI compliant for financial records (you did see what happened to Target recently, right?) or, in the medical records world, being HIPAA/HITECH compliant has become a throwaway statement.
Well, when you get too comfortable with something, to the point that the threat (in this case, of fines due to non-compliance) is no longer seen as even a possibility, there is nothing like a little reality check to bring it all back into sharp focus.
HealthIT Security reports on the first HITECH violation fine recently handed out by the Department of Health and Human Services (HHS):
Last week, Department of Health and Human Services (HHS) announced that Adult & Pediatric Dermatology, P.C. (APDerm) of Concord, Mass., will pay $150,000 in data breach fines. The most interesting part of the news wasn’t the amount of money that APDerm had to pay – it was the fact that the fine was the first handed out because of a HITECH violation.
It’s not my place to deeply examine the specifics of this case. The reality is that if you are not playing by the rules in the IT space with regard to compliance, there are real consequences being felt for that neglect.
So if you have any HIPAA/HITECH compliance requirements, are you now wondering if you are up to speed? You should be. If you really want to be concerned, learn about some of the details of this case from another article. I’m not a gambling man, but even if I were, I doubt this is an area I would roll the dice in.
Are you really willing to roll the dice and risk seriously injuring your business?
UPDATE: The claim on the HealthIT site that this was the first fine may be a bit off, unless it is referring to the first fine of this particular kind. BlueCross / BlueShield of Tennessee paid $1.5m in fines in 2012 for a 2010 breach. The point is still valid, though. Are you willing to risk huge fines for non-compliance?