The Use of Banned Messaging Apps Cost Wall Street Banks Close to $2 Billion. What Will it Cost Your Medical Group or Facility?

January 1, 2024

Banks, brokerages, and your medical group or facility’s potential violation of HIPAA?

In 2022, a group of the nation’s largest banks and brokerage firms settled with the U.S. Securities and Exchange Commission for close to $2 billion in connection with traders’ use of unauthorized messaging apps, means of communication that violate the SEC’s rules on recordkeeping designed to permit regulatory oversight.

In one instance, the SEC alleged that traders used WhatsApp and other channels that did not preserve a record of the communication. In another allegation, traders were instructed to delete messages from their personal devices and to communicate through encrypted channels that skirted oversight.

Communication and data preservation in the financial world and the healthcare world overlap with regard to the use of personal devices and unauthorized channels. Although the regulatory aims are different (oversight versus privacy and security), the potential for violation, including fines and penalties, is the same.

Who, right now, might be texting PHI to a colleague? Who might have unencrypted PHI on their personal computer? Who’s using regular email to transmit a document containing patient names? Sure, you have a HIPAA privacy and security plan. But are you enforcing it? And, if not, what will it cost you?
