HIPAA compliance is not optional or dependent on the size of the business. In spite of some best efforts, the data host chosen, do so carefully. Or you could end up like Metro Chicago Hospital Council (MCHC) as a non-profit, has a Health Information Exchange (HIE) that is subcontracted. What happens if your provider leaves the market and takes its data store with it? Fortunately for them, they got a judge to be on their side long enough to ensure a proper transition. A federal judge ordered Sandlot Solutions Inc. [what a name for a medical company] not to destroy the data without court approval. It was ordered to provide the raw data to MCHC as well as a “virtual” copy as soon as possible. The HIE was ordered to bear the cost of hardware, personnel and other expenses necessary to do so, and also to post a bond of $25,000 (Susan D Hall, 2016, para. 5). Sandlot Solutions was out of Irving TX, the website is down, obtained through LinkedIn. A simple Dun & Bradstreet report may have flagged this company, but it does not hurt to check. An analogy would be to put the hands of deciding a game in an official making a call, Golden State Warriors found out the “hard way” about that.
Susan D Hall. (2016, April 25). Court prevents HIE contractor from destroying data. Retrieved April 26, 2016, from http://www.fiercehealthit.com/story/court-prevents-hie-contractor-destroying-data/2016-04-25