April 23, 2015

Record-breaking HIPAA violation settlements will change the compliance calculus

Kris Gösser

Datica Alumni — Former Chief Marketing Officer

One interesting tidbit to come out of HIMSS 2015 was an interview with Adam Greene, who formerly worked out of the Department of Health and Human Services’ Office for Civil Rights (OCR). Initially covered by GovInfoSecurity, Mr. Greene hinted that the largest HIPAA violation settlements we’ve ever seen could emerge later this year. The interview was recorded and is worth a listen for those interested.

The increasing financial liability of insecure or noncompliant systems is a major concern for healthcare institutions and digital health startups alike. For entrepreneurs, the threat is existential—one slip and the business is likely over. For healthcare institutions, the threat, while not quite as existential, is equally feared.

We are moving towards a future where overcommitment to compliance and larger investments in security are prerequisites for healthcare innovation. While these items have always been a priority, if Mr. Greene’s projection proves true, the calculus on new internal and external projects will change.

Focus on your job, not compliance

Focus. We all desire it in our jobs. Compliance is a distraction. We haven’t been shy about pitching this sentiment throughout our website. While originally it was aimed more at digital health startups, the same can be said of healthcare administrators.

We understand your job, Ms. CIO and Mr. CTO, is to innovate. It is to provide better patient care that leads to better patient outcomes. You would prefer to spend your days evaluating new ideas, judging new technology, and implementing smart programs. What you don’t want to be doing is worrying about regulation and HIPAA compliance with each new proposed project.

We are starting to see the trust Datica brings to the infrastructure part of projects as critical to healthcare administrators’ ability to focus on the job. If Mr. Greene’s hypothesis that we’ll soon see unprecedented settlements comes true, the importance of this trust will only increase.

What HIPAA settlements mean for digital health startups

It’s already difficult to gain the attention of hospital administrators. As our Innovation Series highlights, CIOs are looking for many signals:

  • Smart ideas to real problems
  • Stable companies with impressive founding teams
  • Financially viable engagements
  • Easy to implement solutions

just to name a few. If HIPAA settlements hit hard and fast, assurance that external vendors—like your digital health startup—are not a compliance risk will vault to the top of the list. Proving you can solve a real problem while not being a security liability will be central to your sales pitch.
