Any business or other organization, including non-profits, that deals in any way with patient medical information needs to make sure that all of its systems and programs enable its workers to fully comply with the mandates embedded in HIPAA, the nation’s primary law regarding the security and confidentiality of medical records. This fact was highlighted by a recent decision of an appellate court, which ruled that those who violate the provisions of HIPAA might face criminal penalties, including jail time, even if the individuals involved had no idea that they were contravening the law.
Ignorance of the law has never been an excuse for violating it, but when the laws that must be followed are both highly complex and detailed, it becomes increasingly challenging to obey them. This is the case with HIPAA.
Most organizations have complied with the mandates in HIPAA in large measure by relying on technology that can help to ensure that online medical records, for example, are secured against hacking attacks. However, it is rare that a medical organization has access to the kind of information technology expertise that such systems require. Nor do small practices usually have the resources to create an additional position in the business for an IT guru. Even if those resources did exist, the existing personnel in a medical practice would be hard-pressed to know how to choose the right individual for the job.