If you are traveling back and forth to work with client files in your car, you might want to start taking precautions, especially if you’re working in a Health Care related field.
Imagine this scenario…
You’re just leaving the office after a long day.
But like any good hard working employee, there’s always more work to be done and hard deadlines that need to be met.
So you pack up a few client files and load them into the back seat of your car so you can do a little work at home.
On the way home, you remember that you have to stop by the grocery store to get some milk and cereal so the kids can eat breakfast in the morning.
By the time you eventually get home, and get the groceries into the house, you’re just too tired to consider any more work for the evening and decide that you’ll wake up extra early in the morning to get a few things done before leaving for work.
Now, imagine if at some point in the above sequence your car is stolen or broken into and your briefcase is stolen. If this were to ever happen, you’re going to have to come to grips with some potentially painful consequences.
You are going to have to notify your clients that their documents were stolen and there’s a potential for identity theft. And let me say, you want to be the one that informs the client of this. The last thing you want is for the police or a news agency to find the documents and inform your clients before you do. The best thing to do is to get out in front of the situation and to do the explaining fist hand.
Just to give an example of some of the penalties that can be involved when it comes to medical information and HIPAA (Health Insurance Portability Accountability Act), here is a listing provided by the American Medical Association (AMA):
| HIPAA Violation |
Minimum Penalty |
Maximum Penalty |
| Individual did not know (and by exercising reasonable diligence would not have known) that he/she violated HIPAA |
$100 per violation, with an annual maximum of $25,000 for repeat violations (Note: maximum that can be imposed by State Attorneys General regardless of the type of violation) |
$50,000 per violation, with an annual maximum of $1.5 million |
| HIPAA violation due to reasonable cause and not due to willful neglect |
$1,000 per violation, with an annual maximum of $100,000 for repeat violations |
$50,000 per violation, with an annual maximum of $1.5 million |
| HIPAA violation due to willful neglect but violation is corrected within the required time period |
$10,000 per violation, with an annual maximum of $250,000 for repeat violations |
$50,000 per violation, with an annual maximum of $1.5 million |
| HIPAA violation is due to willful neglect and is not corrected |
$50,000 per violation, with an annual maximum of $1.5 million |
$50,000 per violation, with an annual maximum of $1.5 million |
See the full article by the AMA here at: http://www.ama-assn.org/ama/pub/physician-resources/solutions-managing-your-practice/coding-billing-insurance/hipaahealth-insurance-portability-accountability-act/hipaa-violations-enforcement.page
In a recent health care data breach case brought against health insurer Wellpoint, Inc. by the Attorney General of Indiana: Wellpoint agreed to pay the state $100,000; to provide two years of credit monitoring and identity-theft protection services to consumers affected by the breach; plus to provide reimbursement up to $50,000 to any Wellpoint consumer for loses that result from identity theft due to the breach.
Current data breech laws do have teeth and this should certainly raise the awareness of anyone dealing with consumer health data. Taking precautions is mandatory.
Here are some tips you can take in order to protect work documents that are routinely transferred to and from your secure office location:
- You will want to have an accurate accounting of what documents were stolen. Only keep a minimal amount of client information you need when transporting documents back-and-forth between your office and home. If multiple employees are routinely taking home client information, you may want to implement a client information checkout procedure at the office. It’s much better to know which clients were affected than having to notify each and every one of your clients.
- Don’t assume your vehicle is safe. Keep in mind that you have customers’ information sitting in the car if you decide to make pit-stops on the way to or from the office. When you get home, be sure that you also bring in the documents where there’s a more reasonable expectation that they are safe.
- Don’t leave documents lying around at home, in the office, or in the car if at all possible. This information should be protected just as you protect the information in your computer with passwords and behind firewalls. Keep physical document with sensitive information in secure filing cabinets or perform routine file shredding with reputable paper shredding service if they are no longer needed.
It should be clear to everyone that is now dealing with sensitive customer health related data that the state and federal governments are taking identity-theft and data breaches extremely serious. Taking a few extra moments and steps to protect your customers data is not only the right thing to do professionally, but it is also an important policy to implement in order to protect the good name and reputation you’ve taken so long to build.
Until Next Time… Keep Totally Secure!
Your Friend,
Mike Krauss
Head Shredding Guy
Total Secure Shredding
