Posted By Madilyn Moeller, Friday, February 23, 2024
2023 was a banner year for health care fines and breaches. The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) settled 13 cases with health care organizations for potential violations of the Health Insurance Portability and Accountability Act of 1996. The OCR breach portal also listed 563 large-scale breaches on its site.
In 2023, the HHS OCR settled cases with eight covered entities and four business associates for potential HIPAA violations. Fines ranged from $15,000 to $1.3 million, totaling $4,176,500.
There were 563 large-scale breaches reported on the OCR breach portal in 2023. Those breaches affected a staggering 124,630,800 patients, an increase of 127% compared to 2022’s 55 million patients.
Ransomware and hacking are still the primary cyber threats in health care. According to the HHS, over the past four years, there has been a 239% increase in large breaches reported to OCR involving hacking and a 278% increase in ransomware. This trend continued in 2023, when hacking accounted for 84% of the large breaches reported to OCR.
Unauthorized access or disclosure of protected health information (PHI) accounted for 13.68% of breaches on the OCR online portal, while theft accounted for 1.6% of incidents reported. Both improper disposal and loss of medical records accounted for less than 1% of reported breaches.
In 2023, the majority of breaches listed by OCR were reported by health care providers: 366 incidents, representing 65.01% of reported breaches and affecting 35,188,999 patients. Business associates reported 112 incidents, but the number of patients affected by business associate breaches reached an all-time high of 59,315,445, or 47.59% of total patients affected. Eighty-two health plans also reported breaches affecting 14,900,373 patients. One health care clearinghouse reported a breach affecting 501 patients.
As breaches targeting health care organizations skyrocket, it is essential to implement measures to prevent unauthorized access to sensitive data. Implementing an effective HIPAA compliance program is the best way to do this. HIPAA compliance includes risk analysis, policies and procedures, employee training, and incident management. Had the organizations fined by OCR over the last year implemented an effective compliance program, the incidents and subsequent fines could have been prevented.
Learn more about 2023 health care breaches and fines in this free eBook.
Compliancy Group’s software automates HIPAA compliance for medical spas. Achieving compliance can be done quickly through just a few self-paced virtual meetings. New customers will save 15% on Compliancy Group’s software, which includes live coaching to guide you through your compliance requirements, risk assessment that makes the required HIPAA risk assessment a breeze, policies and procedures that fully satisfy HIPAA regulations and protect your business, and intuitive and automated HIPAA training that awards the HIPAA Seal of Compliance upon completion.