HIPAA has been the rule of the land, talked about and debated, for more than a decade. It was designed to protect the privacy of individuals’ health care records, but, by most assessments, it does not seem to have made things any better for anyone. In fact, many feel accessing personal data is getting easier, not harder.
Just a couple of weeks ago the story broke that Anthem Blue Cross was hacked, sending personal data—including health information, social security numbers, and other personal information for more than 80 million people—into the cyber underworld.
For Anthem there have been consequences:
- It has hurt their reputation as a trusted insurance company.
- If any Anthem member has their private information breached, Anthem may be facing legal action as the deep pocket worth chasing. This is a problem that is likely to plague them for many years.
- There will likely be government sanctions and fines.
- It provides an opportunity for competitors to put them at a disadvantage in the next contract negotiations with employers.
Finally, and this should not be lost, it has the potential to do real damage to Anthem policyholders. Even with Anthem standing behind financial losses, there is significant opportunity for real harm to individuals.
HIPAA and Senior Living
I recently had a conversation with Doug Fullaway, the VP of Senior Living Business Development at RealPage, a Senior Housing Forum Partner, about HIPAA and its implications for senior living providers. He noted that many of the consequences Anthem is facing could similarly impact senior living.
As Doug talks to senior living operators, he sees the following:
- It’s hard for companies to get excited about HIPAA or pay much attention to it. The problem is that most senior living companies have a million other things to worry about.
- Getting HIPAA compliance right costs time and money.
- There is no ROI in getting it right . . . except that getting it wrong could destroy your business. But then again maybe nothing will happen, and even if something does happen it might not really be that bad except that . . . it also might be really, really bad.
- Every supplier says they are HIPAA compliant, but it is really hard to know if that is true or not.
Questions to Ask
Doug suggested 5 questions you should ask your vendors (and yourself) to determine how compliant they are:
- Is data encrypted when being transferred between your community and cloud-based services?
- Once the data is sitting in the cloud, is it encrypted?
- Do you have the ability to provide a report that documents every single person who looks at health information?
- What are your internal and external audit processes to ensure compliance?
- As new software or features are being released, what is your process for ensuring it is HIPAA compliant?
Finally, Doug noted that RealPage has put a great deal of effort into making sure senior living resident data is as secure as possible. They are committed to being a trusted partner.