Why Your Insurance Claim Might Be Rejected!

One of the many challenges you might face as a business owner is dealing with the vague requirements present in HIPAA and PCI-DSS legislation. Due to the unclear regulatory messaging, “assuming” rather than “knowing” can land your organization in big trouble with regulators.

Compliance Is Most Important for Your Business

One of the many challenges you might face as a business owner is dealing with the vague requirements present in HIPAA and PCI-DSS legislation. Due to the unclear regulatory messaging, “assuming” rather than “knowing” can land your organization in big trouble with regulators.

The Health and Human Services (HSS) Office for Civil Rights receives over 1,000 complaints and notifications of HIPAA violations every year. When it comes to PCI-DSS, close to 70% of businesses are non-compliant. While you might assume it’s okay if your business does not comply with HIPAA or PCI-DSS since many other companies are non-compliant as well, we can assure you it’s not. Keep in mind that being non-compliant puts you and your business at risk of being audited and fined.

What Failing to Meet Minimum Compliance Requirements Means

Never take compliance lightly because non-compliance can lead to:

1. Large penalties and fines

HIPAA violations can draw fines ranging from $100 to $50,000 per violation, with a maximum fine of $1.5 million per calendar year of non-compliance. PCI-DSS can wring out your budget too, with fines ranging from $5,000 to $100,000 per month.

2. Unscheduled and uninvited audits

Non-compliance can lead to sudden and quite unpleasant inspections and audits that result in fines.

3. Denial of liability insurance claims

You must be extra careful while selecting solutions for your business. Using a single non-compliant solution can cause your insurance provider to deny a liability insurance claim.

4. Business reputation damage

It takes years to build a good reputation, but just minutes to destroy it. Don’t let your business fall into the pit of non-compliance and have to deal with the repercussions after customers find out.

5. Imprisonment or even forced business closure

In cases of severe non-compliance, regulatory bodies can actually push for the arrest of top level executives, or even close the business entirely.

Are Your Existing Business Tools Compliant?

If you are unsure where to start, assessing your business tools, like your cloud, VoIP, email service, electronic file-sharing service, applications, etc. is a good place to start. Here are a few ways to check your existing business tools for compliance:

HIPAA

• Does the tool use AES 256-bit encryption? It doesn’t matter if sensitive data like electronic Protected Health Information (ePHI) is at rest or in transit. Encryption is required by HIPAA.

• A tool with proper access controls ensures those who genuinely need sensitive data can access it. What’s your tool’s access control policy?

• Is there automatic log-off in place if no user activity is detected over a specified period of time? HIPAA requires this in order to protect high-risk data.

PCI-DSS

• Were the default passwords during the initial setup changed after installation? PCI-DSS specifies the importance of changing passwords to keep threats minimized.

• Are inactive user accounts removed or frozen after the warning period? Inactive accounts are easy and quick entry points for attacks.

• Does your tool store, retrieve or transmit cardholder information? If yes, it must have the newly mandated version of the Transport Layer Security (TLS) protocol.

These lists are not necessarily a complete list, and really only scratch the surface. Also, none of the points mentioned above ensure the tool is HIPAA or PCI-DSS compliant. Just consider it a starting point.

If you’re confused about what your next steps should be, don’t worry. That’s what we’re here for!

Use our expertise in compliance matters to conduct a comprehensive assessment of your business’s current state of compliance. Contact us now to learn more.

Interested in Learning
More about Our Services?

Contact us to request a consultation.