Block on Trump's Asylum Ban Upheld by Supreme Court
According to a survey by Legal Workspace, only 13 percent of 240 responding law firms actually possess the required technology to process and maintain compliance with HIPAA.
"For an industry that is traditionally hyper-concerned with protecting client information, legal is clearly not keeping up with business standards regarding technology and security," said Joe Kelly of Legal Workspace.
One of the most widely known features of the Health Insurance Portability and Accountability Act of 1996 is the rather draconian view it has on protecting the confidentiality of patient health records. Under the current language of HIPAA, any professional that handles work that contains "protected health information" is considered a business associate under the jurisdiction of HIPAA. This means that even lawyers are covered by a federal law, not just doctors, clinics, nurses, and the like.
Kelly's survey questioned attorneys from November 2015 and January of 2016. These attorneys handled HIPAA-related cases such as elder law, healthcare law, insurance, med-mal, PI, etc. Across the board, HIPAA violations were common. Some of the more glaring offenses include:
One can only imagine what the compliance levels will be for businesses which do not regularly handle HIPAA-heavy cases but are still nonetheless required to maintain compliance with the Act.
Most lawyers are unaware that HIPAA may apply to them. Joe Kelly sees trouble on the horizon not only because of what he sees as "glaring and troublesome" non-compliance with the federal law, but also because of aggravating factors like lax-cybersecurity at law firms. "Law firms are now walking targets for hackers," he says. He argues that law firms are "weak links", allowing unauthorized access to sensitive information from SSNs to contracts negotiations.
Kelly urges all law firms to re-examine their tech and cyber-security controls. If you think your firm is HIPAA compliant, you're probably wrong.
FindLaw has an affiliate relationship with Indeed, earning a small amount of money each time someone uses Indeed's services via FindLaw. FindLaw receives no compensation in exchange for editorial coverage.