HIPAA violations are up - and so is enforcement. A single incident can have dramatic effects on a print/mail service provider.
Ready for some real pain? Make a HIPAA mistake!
According to statistics compiled by the Department of Health and Human Services
Distressed Man
Office for Civil Rights (OCR), the number of healthcare data breaches so far in 2016 exceeds the total incidents reported from 2009 to 2013. Document Data Solutions customers deal with confidential data all the time. They cannot ignore this trend. Protected Health Information (PHI) is a hot item and preventing this information from falling into the wrong hands is getting more difficult.
When we think about data breaches, we envision hackers burrowing their way into computers over the internet. This is happening every day. Other incidents occur when devices like laptops and portable hard drives are lost or stolen. Print service providers are vulnerable to malicious or accidental data exposure and they should take precautions to protect confidential electronic customer information their customers have transmitted to them.
Document Errors in the News
Printed documents are also sources of privacy breaches. Nearly all incidents of accidental disclosure via documents involve employee oversights. Uncaught printing and mailing errors can cause as much damage as a deliberate online attack.
In September, Pennsylvania-based Geisinger Health Plan exposed the PHI of over 2800 people. They blamed an unspecified mailing error.
The Veterans Administration reported 183 mis-mailing incidents in June 2015. Some veterans received medical supply, treatment, and diagnosis information meant for other veterans.
Two contracted firms hired by Howard University Hospital to mail collection letters disclosed the private health information of 1445 individuals. A "data error" involving patients sharing the same surnames caused the problem.
A Walmart vendor mailed letters bearing pharmacy information of other patients, along with properly addressed refund checks to over 27,000 customers last May.
The severity of a privacy breach does not necessarily affect the impact upon service providers. Even if an incident harmed no patients, HIPAA rules force service providers to take certain actions. They must send notification letters promptly and companies must file breach notices. The OCR will likely investigate.
Hospitals, clinics, or insurers that hire print/mail service providers must make sure the vendors comply with HIPAA regulations. Business Associate Agreements (BAA's) issued by health organizations spell out vendor responsibilities and the consequences for failing to perform.
Lack of Preparedness Can Be Expensive
An OCR investigation triggered by a minor HIPAA breach can uncover other serious procedural issues which can lead to even more expensive business disruptions. Avoiding an accidental breach in the first place is the best defense against OCR intrusion. Print and mail service providers found to be lacking controls that could have prevented disclosure of PHI can be subject to fines and audits. If a breach occurs, service providers tarnish their reputations and could limit future opportunities to work with confidential data.
Document tracking, matching, and verification systems like iDataScan™, iDataRepair™, and iDataManager™ will catch errors that might otherwise make it through the production process and into the mail. If you are unsure of your exposure to the embarrassing and expensive aftereffects of a privacy breach, please call us. We'll be happy to evaluate your situation and recommend corrective measures. You can decide if you are comfortable with your risk level or if you need to invest in a plan for prevention.


Many print/mail companies are staking their reputations on a tracking solution that relies on a virtual tracking method. These approaches make assumptions about what goes on between the first camera scan and the last - a dangerous practice when processing documents bearing HIPAA-protected data.
Though marketed as document integrity solutions, these systems are really designed for simple, low-risk applications.
At Document Data Solutions we developed Advanced Event Driven Tracking, which uses a collection of sensors and encoders to monitor the status of each component in a mailing piece as it is assembled. If something goes wrong, DDS systems stop the equipment and alert the operator.
Read the white paper Do You Know What's Really Inside Your Envelopes?
to learn more about how Advanced Event Driven Tracking keeps DDS customers from making embarrassing and costly HIPAA mistakes.

If you would like to see a demonstration of the latest document integrity tools  contact us at the number below. We are proud to show you what we can do.

Document Data Solutions (DDS) is dedicated to providing Solutions To Move Your Business Forward  TM

We have developed a team of dedicated professionals to provide unrivaled consulting and custom solutions to help our customers separate their business from their competition and increase profits.
DDS' Vision inspection systems, data collection and management reporting capabilities for piece level verification are helping document centers of all kinds avoid the devastating effects of integrity errors.
Give us a call to set up a webinar to see how we can develop a custom solution for your business

 View our videos on YouTube     View our profile on LinkedIn 
Image courtesy of David Castillo Dominici at FreeDigitalPhotos.net