Healthcare facilities are entrusted with extremely sensitive patient information. Although this ensures the best possible care quality, the consequences could be disastrous if said information ever leaked. Thanks to The Health Insurance Portability and Accountability Act of 1996 (HIPAA), facilities must comply with certain standards to ensure that patient information is sufficiently protected by the facilities themselves. The consequences of violating HIPAA extend far beyond even the most significant legal ramifications and fines. Facilities who break patient confidentiality may find themselves permanently etched onto the “HIPAA Wall of Shame.” What is the Wall of Shame, and why could this prove disastrous for a facility’s long term success? Read on to learn more.
What is the Wall of Shame?
The “Wall of Shame” is a colloquial term for the Breach Notification Portal. This website is jointly run by the Department of Health and Human Services and the Offices for Civil Rights. It lists facilities and individual people who are responsible for data breaches that have compromised 500 or more people. Put simply, this website lists institutions who have severely violated the stipulations laid out by HIPAA. Site visitors can look at three sections: Cases that are Under Investigation (or cases that took place within the last 24 months), or older cases in the Archive section.
How do these data breaches happen?
HIPAA is broken when Protected Health Information (PHI) gets leaked to other people without prior consent. This includes your name, address, laboratory results, insurance information, sensitive medical information and more. Even photos and video recordings are PHI and cannot be publicly shared without a written letter of consent. Out of necessity, most PHI is stored in an electronic database in an in-house server. These files are referred to as “ePHI,” and hospitals have to make sure they are sufficiently protected.
Data breaches happen when this PHI is leaked out, either due to a hacker attack, physical theft, or a significant security oversight .Regardless of intent or circumstance, a facility will be put on the Breach Notification Portal if they experience a significant enough data breach that affects a certain number of patients.
What do reports look like?
The Breach Notification Portal contains extremely detailed reports of the incidents and the individuals and the facilities behind them. Every case listed contains the following information
- Covered entity type
- Affected Individuals
- Breach submission date
- Breach type
- Where the breached information was located
- Expand all
Why facilities should avoid the HIPAA Wall of Shame
Being listed on the Wall of Shame is not only embarrassing, it could destroy a facility in the long run. The healthcare industry is run on trust between the patient and the healthcare providers. Patients entrust their sensitive information, to ensure that HCPs can provide the best healthcare service possible. When that trust is breached, it is hard to regain it. Regardless of how the information was listed, most people who visit the “Wall of Shame” will not read the full reports. They will see your facility’s name on the Breach Notification Portal, and steer clear. More realistically, your facility will garner a terrible reputation via word-of-mouth that will destroy your business for good in the long term.
How can you avoid the Wall of Shame? The answer is obvious: an organizational commitment to complying with HIPAA. All PHI must be stored securely, and not out in the open where everyone can see. ePHI must be protected with the best possible software security available to a facility. Last (but not least), all facility staff must be trained on how to comply with HIPAA at all times. Patients trust healthcare facilities, and the least we can do is repay that trust in kind.