Data security is the means of ensuring that data is kept safe from corruption and that access to it is suitably controlled. Thus data security helps to ensure privacy, and it also helps to protect personal data. Data security is part of the larger practice of information security. Filopto contains significant data on patients and on your practice. It is your responsibility to ensure that you have a backup / disaster recovery plan, as well as the appropriate procedures to ensure that proper security measures are in place.
Many jurisdictions and associations stipulate the minimum security that users must enforce when dealing with patients' medical records.
In the USA, HIPAA requires all Patient Identifiable Data (PID) to be secured according to the rules set out by the various levels of government.
In Canada, PIPEDA, in conjunction with the various provincial PHI Acts, also stipulates your business's basic privacy requirements.
Accra Solutions Inc provides a Secure Remote Backup service for clients wanting an automated, secure backup system that meets PHI regulations.
It is recommended that you review the Advanced System Security & Maintenance section of this help file.
EXAMPLES OF POSSIBLE PENALTIES
Nova Scotia PHI Act
Individuals can make a complaint to a physician who is the custodian of their personal health information if they feel the physician has not complied with PHIA. Individuals may also request a review of the physician's response to their complaint by the Nova Scotia Freedom of Information and Protection of Privacy Review Officer. The Review Officer has the authority to investigate the way a physician has handled a complaint, make recommendations, and make the report public. An individual who is not satisfied with the outcome of a review can appeal to the courts, which can levy penalties against individuals or corporations found guilty of an offence under PHIA.
United States HIPAA Penalties (All penalties are current as of December 2009)
Individuals who do not adhere to HIPAA policies and procedures can be fined regardless of whether or not they knowingly violated the act. The minimum penalty for a HIPAA violation where the individual did not know they violated HIPAA is $100 per violation. The annual maximum for the minimum penalty amount is $25,000 for repeat violations. Individuals who violate HIPAA can be fined up to $50,000 per violation, with an annual maximum of $1.5 million if the violation was severe, regardless of how or why the violation occurred. The Secretary of the Department of Health and Human Services is not permitted to impose civil penalties on individuals who violate HIPAA but correct the violation within 30 days, unless the violation occurred due to willful neglect.