Imagine a single MRI exam costing $2.4 million. Or paying that much for a single blood pressure test. Or what if a simple IV drip critically compromised a patient?
Sounds absurd, doesn't it?
But if you're a healthcare IT, compliance, risk management or clinical engineering professional, you know that an ePHI breach can result in serious penalties to your organization that could well exceed $2.4 million.
Even more alarming is the realization that patient information exposed through medical devices can be corrupted — which at the very least could compromise the delivery of care, and at worst, cause catastrophic harm.
Audits tell us that healthcare providers who fail HIPAA audits, miss Meaningful Use requirements, and put patients at risk often share a common oversight: They've failed to assess and secure medical devices that store and transmit electronic protected health information (ePHI).
The Problem Behind the Problem:
From pulse oximeters to CT scanners, a typical hospital averages about two medical devices per bed that collect, store, generate and transmit ePHI on a regular basis. Because these are unconventional, FDA-regulated machines, they tend to fall outside your IT department's scope of work or expertise, and are often left out of risk assessments, security analyses and compliance efforts -- an automatic violation of the HIPAA Security Rule and of the requirements for correct Meaningful Use attestation.
What's at Risk?
Loss or impairment of patient data.
Patient misdiagnosis or harm due to corrupted data or device malfunction.
ePHI breach averaging $2.4 million over two years (HIPAA penalties + cost of corrective action).
Disruption of other medical devices connected to the same network.
Delayed patient testing, work backlogs, patient diversion.
Financial and reputation loss following mandatory corrective action.
Corporate and personal liability.
Criminal and civil penalties.
How We Can Help:
White Paper: Reversing hidden patient safety, data security & compliance risks unique to medical devices.