Support Contact
Why Sharetru?
Platform
Features
Compliance
Industry
Pricing
Resource Hub
Start Free Trial
    Start Free Trial
      August 30, 2016

      IT Service Providers: HIPAA Is Your Concern, Too

      Written by: Martin Horan

      The question of whether or not IT services providers need to concern themselves with compliance regulations like HIPAA seems to have been answered definitively and for all time. In July of 2016, the Catholic Health Care Services of the Archdiocese of Philadelphia, also commonly referred to as the CHCS, has agreed to pay a massive fine totaling $650,000 to settle violations relating to patient data that was stolen from a smartphone in their care.

      HIPAA Compliance and "Covered Entities"

      After a lengthy probe launched by the Office of Civil Rights that began in April of 2014, CHCS was deemed a "business associate" of the healthcare organizations that it was providing technology services to. Indeed, even though the smartphone itself was not under the care of CHCS officials when it was compromised, the fact that it was issued by CHCS was enough to hold them responsible for everything that happened afterwards. Specifically, investigators determined that CHCS' main failing was the fact that at the time when the smartphone was compromised, they had no policies in place that would allow them to remotely remove or wipe devices that contained patient health information from its infrastructure. They also had no plan in place for what to do in the event of a security incident like the exact one that they ended up facing. This, due to a lack of risk analysis and risk management plan, turned into a costly lesson that CHCS will likely not forget anytime soon.

      Free Trial Graphic CTA - City and Buildings

      An Uncertain Future for CHCS

      CHCS' relationship with this HIPAA compliance investigation does not end the moment they pay their fine, however. Under the current terms, OCR will continue to monitor CHCS and will work with officials within the organization for the next two years to help guarantee they remain compliant with all HIPAA obligations as a result of their role as a Business Associate for the foreseeable future. Depending on how things go, this period could be extended beyond the two years dictated by the settlement.

      This is the type of situation that goes a long way towards proving that the importance of HIPAA compliant software cannot be overstated enough. Had those parties involved been using a HIPAA compliant FTP site to store and manage patient data to store and manage patient data, the fact that a single smartphone was compromised would not have resulted in any privacy issues at all - let alone the type of HIPAA compliance violations that ended up costing $650,000. Unfortunately, with more than $9 million in fines being handed out due to similar situations in 2016 alone, this seems to be one lesson that a wide range of IT services providers will need to learn the hard way.

      See It In Action Trial Graphic CTA -Typing on Keyboard Background

      Tag(s):

      Martin Horan

      Martin, Sharetru's Founder, brings deep expertise in secure file transfer and IT, driving market niche success through quality IT services.

      Other posts you might be interested in

      View All Posts
      Cyber and Data Security

      Understanding the Draft of CMMC, a Definition for FedRAMP Equivalency, and Its Implications

      In the ever-evolving landscape of cybersecurity threats, the Department of... Read More
      Cyber and Data Security

      Selecting IT Infrastructure for File Transfer & Sharing Needs

      Since the beginning of the internet, it’s been necessary for organizations to... Read More

      Solving Shadow IT for File Sharing Without Compliance Risks

      File sharing has exploded in popularity in recent years in both the personal... Read More