Consequences of Medical Identity Theft in the Healthcare Industry
Medical identity theft can quite literally cost your organization. Even if a breach is the result of an employee's mistake, that employee and their employer could face stiff fines should the employee be found negligent.
How stiff? The maximum penalty can be as much as $50,000 per incident, or $1.5 million per year. This category also represents the lowest possible level of penalty. If an employee is found to be “willfully neglectful” through reckless actions or disregard for stated compliance, the minimum is $10,000 per violation, presuming that the issue has been corrected within the required period of time. When the issue is not corrected, that minimum skyrockets to $50,000 per violation with an allowable annual maximum of $1.5 million.
As you can see, an employee does not have to be a criminal or have malicious intent in order to cost your healthcare organization dearly. The federal government takes patient privacy very seriously, which has been one of the driving factors in the push towards electronic health records. Even with efforts like heavy data encryption and security, something as basic as allowing a hard drive or stack of forms to linger in the wrong spot for too long can easily bankrupt most practices or peripheral medical businesses.