Many small and medium-sized medical and dental practices operate under the assumption that the Department of Health and Human Services only focuses on massive healthcare networks. This assumption is incorrect and dangerous.
The Office for Civil Rights actively investigates smaller clinics. Most of these investigations are not random audits. Instead, they stem from a single patient complaint, a lost mobile device, or a staff member clicking on a malicious link in an email. Because HIPAA violation fines scale based on the level of perceived neglect, a single unencrypted device can easily jeopardize the financial viability of a local clinic. Data security requires strict, non-negotiable protocols regardless of the size of your operation.
