Brokers – Wake Up! What the Gulf Oil Spill Should Have Taught You on HITECH Compliance
The entire reason we have the Gulf spill at all is that BP cut corners and was too cheap to install a $500,000 valve, used in many other countries, that would have allowed the well to be shut off immediately. So for being that cheap they will ultimately end up spending north of $10 Billion, besides destroying the coastal ecology of the Gulf states. They were also totally unprepared for a disaster, and the bad PR has been devastating for BP, again for lack of planning. They never thought it would happen, and this is a company with profits of over $13 Billion in the first quarter alone.
So why is it that, nearly 3 months after the HIPAA HITECH deadline, my guess is that 90%+ of you reading this are still not compliant with the new HITECH law? You face penalties for breaches in the millions of dollars, and for any broker a single breach and the publicity associated with it will destroy your company and your livelihood.
BP will go on regardless; you will be out of business. They can be negligent in their risk management, but as an insurance professional you know better: it is the way you make your living, helping clients manage risk.
The first firms I worked with this year all had their owners involved in protecting their businesses. Now many brokers seem to have delegated figuring this all out to a lower-level staff or service person with no financial skin in the game and no background in either business or compliance, or, in the case of email encryption, to their outsourced IT person, most of whom have no idea what email encryption is.
In essence, by not acting in a timely fashion and by delegating compliance to your staff and outsourced IT person, you have put yourself, your family, your firm’s equity value and your entire reputation at enormous risk.
Frankly, inaction, or a lot of what I see that passes for action, is just plain dumb. Do you really think that a major breach of PHI will not or cannot happen to your organization? Please!
For what?? Trying to save a few bucks? Denying that the law applies to you? Trying to plead ignorance? Claiming to be too busy?
In reality you can easily make your firm completely compliant with this “HITECH For Dummies” guide and these easy steps:
1. A Risk Assessment
2. Policies and Procedures
3. Breach/Disaster Management Plan
4. Email Encryption
Steps 1, 2 and 3 can be done for $1000-$3000 max. All of this can be done in 4-6 weeks with a couple of hours of work a week by your firm. That is all. Compliance Helper does this every day for BAs and CEs (business associates and covered entities).
Getting the best and easiest-to-use encryption solution in the industry will cost you about $.60/user per day. That is right, 2 quarters and a dime a day per user. That is why we created the RadarMail 360 Suite. Regardless of your firm’s size you all have the same compliance needs, and we have a solution for everyone from solo agents to the largest local, regional and national firms.
Cost is clearly not the reason your organization is not compliant. HHS views inaction as “willful neglect”, and that maximizes any penalties for your firm’s lack of compliance and for breaches.
Two weeks ago none of us thought that the Gulf Shore of the United States was in imminent peril from offshore oil. Now we know better and should have all along.
You have had a warning here for your business. Are you going to heed it and act to protect your business? Or pretend that you will never have any issues, never be audited by HHS or your state Attorney General, and never be fined under a law that you know you have to comply with?
So what will 2 weeks from now look like for your firm when you are non-compliant?