It's no secret HIPAA requires organizations of all stripes to safeguard peoples' protected health information, or PHI. Through a set of federal standards, the "when" and "how" of protecting PHI is thoroughly laid out for organizations by which to abide.

Now, implementing HIPAA protocols can be expensive and time-consuming, as it requires updates to systems, training and policies. But electing not to implement these critical, federal privacy standards can put you in hot water and lead to big fines and lawsuits. In this article, we'll cover HIPAA law and the best path to implementing it.

What HIPAA Is All About

HIPAA applies to any company sending and receiving — and generally handling on an everyday basis — peoples' protected health information. While HIPAA is federally mandated, some states have taken measures to make these rules and regulations more stringent and punitive for repeat offenders.

And when communicating via phone and email, companies must maintain strict protocols to not transmit digital protected health information or ePHI. HIPAA requires these transmissions to be electronically encrypted, which will prevent unauthorized access to these data.

Why You Should be Concerned About HIPAA

In addition to the threat of fines, there are countless other reasons to be in compliance with HIPAA. These include loss of customers due to mistrust and damage to the company's reputation. Indeed, all of that hard work and effort can be lost in an instant.

Below are various penalties as defined by the Health and Human Services Department, with each tier leading to a total penalty of $1.5 million:

  1. First-tier offense: The covered entity did not know and could not reasonably have known of the breach ($100 to $50,000 per incident).
  2. Second-tier offense: The covered entity "knew, or by exercising reasonable diligence, would have known" of the violation, though it did not act with willful neglect ($1,000 to $50,000 per incident).
  3. Third-tier offense: The covered entity "acted with willful neglect" but corrected the problem within a 30-day period  ($10,000 to $50,000 per incident).
  4. Fourth-tier offense: The covered entity "acted with willful neglect" and failed to make a timely correction ($50,000 per incident).

Want to check out actual case outcomes for HIPAA violations? lists them along with the steep penalties companies received due to negligence and oversight.

Why Implementing HIPAA Shouldn't be Difficult

Of course, implementing HIPAA can be costly and time-consuming, but that doesn't mean companies should simply ignore these federally-mandated rules and regulations. Some of the challenges involved with implementing the law include:

  • Training and educating your workforce on compliance
  • Revising business associate agreements
  • Providing individuals with electronic access to their protected health data
  • Modifying privacy practices and sending out notice updates
  • Dealing with technology system failures
  • Determining how to remain compliant when using social media

The above examples are why companies shouldn't attempt compliance on their own. Instead, hiring a specialist that can handle every aspect of compliance should be called upon. Plan to set aside a few months for training, changes in process, the creation of new policies and staff training. Your HIPAA law consultant will work with you to build a roadmap for implementation and provide a timeline for completion.

Encrypt Your Data to Protect Individuals' Privacy

HIPAA should be implemented by any company engaged in PHI or ePHI to protect patients' privacy. Not doing so can result in reputational damage, loss of customers, fines, and lawsuits. Implementing HIPAA is a complex process.

When it comes to security, 8x8 provides reliable and compliant cloud solutions at a demanding level rarely seen by other cloud providers. Don't take your chances with a subpar cloud-based telecom system. Call 1-866-879-8647 or fill ou the form below to to speak with an 8x8 Product Specialist.

Related Topics

HIPAA Compliant Hosting

FIPS Cryptography