The Consequences of Not Taking HIPAA Seriously | Medical Documentation | iData Medical
Privacy. Speech Recognition
In today’s global climate, privacy feels like a thing of the past. Our cell phone numbers, emails, employment and home addresses, credit cards, and so forth are almost daily being compromised by hackers or released due to human error. The effect of this on-going reality is that we’ve become accustomed to the news that the database of yet another Fortune 200 company was infiltrated, and consequently millions of records of American consumers are no longer private. Slowly, this numbing wave of unwelcomed news bleeds (no pun intended) into the medical documentation world. Organizations unintentionally become victims of tolerating this reality. Few are the intentional violators; but many possess the careless and passive attitudes towards HIPAA compliance. Often, they (we) think “Besides, what are the odds that my business will be compromised?” or “what are the odds that my business will be audited and penalized?”
The odds? They are increasing and not in your favor. AGs across the US are clamping down on violators, regardless of cause, and are issuing heavy fines, both civil penalties, injunctive relief, and in rare cases criminal indictments against individuals and organizations that are not diligent with HIPAA regulations. Just because someone else didn’t comply will never exonerate your lack of vigilance.
Take the case of ATA Consulting and Best Medical Transcription which was fined $200K by the New Jersey Attorney General. While the civil penalties are steep, the material and good will impact to the reputation of the defendant is cataclysmic. ATA Consulting (Best Medical Transcription) shuttered its doors and is no longer permitted to operated in New Jersey. For more on this story, click below to read the news release:
[read more=”Click here to Read More” less=”Read Less”]
New Jersey AG slaps medical transcription vendor with $200K fine
ATA Consulting, which conducted business as Best Medical Transcription, agreed to pay $200,000 to settle allegations it violated HIPAA and the New Jersey Consumer Fraud Act after a breach in 2016.
Here are six things to know about the settlement:
1. ATA Consulting and its owner, Tushar Mathur, entered into the settlement with New Jersey Attorney General Gurbir S. Grewal and the New Jersey Division of Consumer Affairs to resolve allegations arising from a 2016 breach, in which the vendor allegedly allowed the public to view online records of patients from Virtua Medical Group, a network of medical and surgical practices in southern New Jersey.
2. Physicians at three VMG practices had contracted Best Medical Transcription to transcribe dictations of medical notes, letters and reports. In 2016, Best Medical Transcription updated its software on a password-protected website that stored the transcribed documents. During the update, the vendor unintentionally misconfigured the web server, allowing the site to be publicly viewable.
3. As a result of the server misconfiguration, the private health information — including names and medical diagnoses — of up to 1,654 patients treated at VMG practices was publicly exposed online. Subsequently, those who conducted web searches for terms included in the dictation information, such as patient names, were able to find portions of the exposed records online.
4. In April 2018, VMG agreed to pay $417,816 to settle allegations it failed to secure these patients’ medical records when they were made accessible online. At the time, the New Jersey Division of Consumer Affairs alleged VMG had not conducted a thorough analysis of the risk associated with electronically sharing protected health information with Best Medical Transcription.
5. Best Medical Transcription, which was based in Georgia, dissolved as a business in June 2017, an act it said was independent of New Jersey’s investigation. Along with paying the fine, Mr. Mathur also agreed to a permanent ban on managing or owning a New Jersey business. Mr. Mathur said he would no longer serve as an officer or trustee, among other positions, of any corporation in the state.
6. The $200,000 settlement amount comprises $191,492 in civil penalties and an $8,508 fine to reimburse the state for attorney fees and investigative costs.
“Patient privacy laws don’t just apply to doctors, they also apply to vendors like Best Medical Transcription,” said Paul R. Rodríguez, acting director of the New Jersey Division of Consumer Affairs. “Our settlement with Best Medical Transcription sends a message that New Jersey requires compliance from all entities bound by patient privacy standards.”
Attribution: Portions of this are the exclusive work of Becker’s Hospital Review, written by
[/read]