HIPAA Compliance: Are You Leaving Your Business Open to Liability?

Fitbit recently announced HIPAA-compliant capabilities, a move intended to expand the scope of offerings the company can provide to corporate wellness programs. It allows Fitbit to be used as a secure method for storing private health information. “We prioritize protecting our consumers’ privacy and keeping their data secure,” said James Park, CEO of Fitbit. Their actions directly reflect today’s growing awareness of, and concern for, the protection and security of sensitive private health information, which extends naturally into an employer’s need to remain HIPAA compliant and protect employees.

HIPAA compliance is a mandatory requirement for healthcare providers who take insurance. It ensures that measures are in place to protect patients’ private health information as mandated by the Health Insurance Portability and Accountability Act, passed in 1996. This act sets regulatory guidelines around how private health information should be stored and what kind of security must be put in place to protect patient privacy. HIPAA compliance applies to both online and offline healthcare operations, and while the regulations around offline compliance are fairly cut and dried, cybersecurity is not only more complex but also the area where healthcare companies most often leave themselves open to potential liability.

Telehealth is on the rise, and with much of the healthcare industry going digital, staying aware of cyber threats and placing proper safeguards against them is more important than ever. The most glaring pitfall for many healthcare companies lies in the third-party companies they rely on to store private health information. Given the growing urgency to provide telehealth care options and the newness of telehealth, many have turned to third-party companies that are not HIPAA compliant and will not be held responsible in the event of a cybersecurity breach.

Many of the “freemium” services offered by companies such as Skype or Google Drive, among others, are not HIPAA compliant in their standard usage. While these services were once top options for virtual healthcare, the fast-moving advancement of healthcare technology has made this no longer true. Since the start of telehealth, fully HIPAA-compliant software specifically designed for virtual care has been created. Regardless of whether a telehealth provider is HIPAA compliant, business associate agreements (BAAs) must still be put in place to ensure that the provider is held accountable for breaches in cybersecurity.

The demand for telehealth options is only continuing to grow. The 2017 American Well study shows that 50 million Americans would switch healthcare providers to have access to virtual care. As virtual care increasingly becomes an industry standard, it is more important than ever to ensure that corporations are protected from cybersecurity threats.