So many of these companies have no idea that they’re supposed to be complying with HIPAA. These SMBs include accounting firms, payment processors, law firms and even document storage and disposal companies.
These organizations are clearly not delivering healthcare services, but they are handling Protected Health Information (PHI) on behalf of covered entities, which brings them under HIPAA as business associates. Regardless of why a company comes into contact with this data, it is responsible for safeguarding it as carefully as a hospital must.
When it comes to hammering this point home, it is a good idea to emphasize the stick rather than the carrot. The fines and penalties for HIPAA violations can be steep, not to mention the reputational damage that follows when a violation makes the headlines.
Since these companies were previously unaware of their legal obligations in this area, pointing to comparable examples is a good way to inject some urgency into the conversation. Case studies of companies in the same line of business that have faced fines and other repercussions after a HIPAA violation are an effective way to “scare them straight.” Seven-figure fines are usually strong motivation to invest in protection up front rather than absorb the liability later.
Read the full post at Channel Futures.