In support of Cybersecurity Awareness Month, we've shared tips so far for "Owning It" with remote access security, "Securing It" with multi-factor authentication, and today I want to talk about "Protecting It" and the potential costs of a HIPAA violation if you aren't able to protect it (with "it" being PHI).
Healthcare Privacy is tied to a growing number of rules, regulations, policies and procedures. For the average healthcare employee, it can be difficult to keep track of everything they need to know. Therefore, organizations should prioritize awareness as a part of their privacy strategy. Awareness is the process of educating your staff, not only on these policies and procedures, but why they are important. Awareness is a vital step in influencing a positive privacy culture.
Today’s hospital leaders face unprecedented challenges when it comes to safeguarding patient privacy—mounting regulations, increased organizational complexity, along with dispersed privacy and security processes—all amid millions of patient data accesses every single day.
Healthcare organizations are finding themselves having to do more with fewer resources, and this resource limitation is most visible in data security and patient privacy. Additionally, the industry as a whole sees more and more data breaches in healthcare facilities of all shapes and sizes. This is putting even further stress on hospitals to protect data from the inside out, as the penalties related to breaches, financial and otherwise, can be severe.
It has been more than a decade since the HIPAA Security Rule established technical safeguards which require organizations to audit access to electronic protected health information. Since then, auditing programs have continued to grow in size and scope.
Healthcare Privacy and Information Security programs have evolved substantially in recent years. This is due not only to the requirements of Meaningful Use, HIPAA, and HITECH, but due to the growing threats to our sensitive information. Recent Cyber security analysis estimates that nearly half of all cyber attacks identified in 2015 were directed at healthcare. Many of these incidents involved insider threats or the mishandling of information by staff. It can be a daunting task to keep our Privacy and Security practices ahead of the threats that target them. This is why a risk-based approach to auditing is not only helpful, it is necessary.