
Filopto Help Manual


Regulatory and Privacy Security Guide

Security Requirements

Data security is the means of ensuring that data is kept safe from corruption and that access to it is suitably controlled. Data security therefore helps to ensure privacy and to protect personal data, and it is part of the larger practice of information security. Filopto contains significant data on patients and on your practice. It is your responsibility to ensure that you have a backup and disaster recovery plan, and that you have the appropriate procedures in place so that proper security measures are enforced.

Many jurisdictions and professional associations stipulate the minimum security that users must enforce when dealing with patients' medical records.

In the USA, HIPAA requires all Patient Identifiable Data (PID) to be secured according to the rules set out by the various levels of government.

In Canada, the PIPEDA rules, in conjunction with the various provincial PHI Acts, also stipulate your business's basic privacy requirements.

Accra Solutions Inc provides a Secure Remote Backup service for clients wanting an automated, secure backup system that meets PHI regulations.

It is recommended that you review the Advanced System Security & Maintenance section of this help file.

EXAMPLES OF POSSIBLE PENALTIES

Nova Scotia PHI ACT

Individuals can make a complaint to a physician who is the custodian of their personal health information if they feel the physician has not complied with PHIA. Individuals may also request a review of the physician's response to their complaint by the Nova Scotia Freedom of Information and Protection of Privacy Review Officer. The Review Officer has the authority to investigate the way a physician has handled a complaint, make recommendations and make the report public. An individual who is not satisfied with the outcome of a review can appeal to the courts, which can levy penalties on individuals or corporations found guilty of an offence under PHIA.

United States HIPAA Penalties (All penalties are current as of December 2009)

Individuals who do not adhere to HIPAA policies and procedures can be fined regardless of whether or not they knowingly violated the act. The minimum penalty for a HIPAA violation where the individual did not know they violated HIPAA is $100 per violation. The annual maximum for the minimum penalty amount is $25,000 for repeat violations. Individuals who violate HIPAA can be fined up to $50,000 per violation with an annual maximum of $1.5 million if the violation was severe, regardless of how or why the violation occurred. The Secretary of the Department of Health and Human Services is not permitted to impose civil penalties on individuals who violate HIPAA but correct the violation within 30 days, unless the violation occurred due to willful neglect.

Some HIPAA violations occur due to a reasonable cause. If the individual is not found to have been willfully neglectful, but the violation occurred knowingly, the minimum civil penalty is $1,000 per violation with an annual maximum of $100,000 for additional violations. An example of a violation due to a reasonable cause would be a medical professional accessing a patient's medical information without the patient's consent to release that information.

Corrected HIPAA violations that occur due to willful neglect will cost medical personnel a minimum of $10,000 per violation. The annual maximum for such offenses is $250,000. The maximum penalties of up to $50,000 per violation with an annual maximum of $1.5 million still apply. Examples of violations due to willful neglect are breaches of medical records caused by a medical facility having an unsecured server room where electronic medical records are stored, or by employees having passwords written in plain sight.

Individuals who knowingly disclose health information and patient records may be charged criminally and imprisoned for up to one year with a fine of up to $50,000. If the violation was committed under false pretenses, individuals can face up to five years in prison and a fine of up to $100,000. If a HIPAA offense is committed with the intent to sell or use the patient's health information maliciously or for personal or financial gain, the individual can face 10 years' imprisonment and fines of up to $250,000.