When healthcare providers and information technology (IT) appear together in the news, it is often for less than positive reasons. The cyber security issues that have plagued everyone have not left physicians and hospitals unscathed; ransomware has held health systems large and small hostage; and laws such as HIPAA and HITECH have imposed considerable liabilities on providers. Concern about cyber security and the complexities inherent in IT matters is not misplaced. In a 12-day span in April, two separate HIPAA settlements handed down by the Office of Civil Rights (OCR) directly involved IT issues–one, a phishing incident, led to a $400,000 settlement, and the other, which involved a stolen laptop and a lack of safeguards for electronic PHI on mobile devices, led to a $2.5 million settlement. Clearly, the presence of HIPAA and HITECH, combined with the prevalence of cyber security issues, creates a perilous IT landscape for providers.

Originally Published in the Birmingham Medical News - June 2017.