HIPAA Compliance Management

HIPAA Security Rules

The healthcare industry is a top target for hackers. Why? Electronic Patient Health Information (ePHI) is highly-sought after because this data is more valuable than credit card information. When ePHI is stolen by cyber criminals, it can be sold and used by individuals to gain access to prescription medication, receive medical care, and access financial data.

Simply, the HIPAA Security Rules state that covered entities and their business associates must:

• Protect ePHI
• Plan and establish policies to address security incidents
• Respond to and report an incident
• Establish back-up and business continuity procedures to protect ePHI

Test your HIPAA compliance and security readiness!

• Have you conducted an annual Security Risk Assessment?
• Do you have policies and procedures in place to address breaches?
• Do you have a process for investigating and tracking incidents?
• Have you identified all of your vendors as Business Associates?
• Have your employees gone through HIPAA Security Awareness Assessment?

If you answered “no” to any of these questions, you may be in violation of HIPAA rules and vulnerable to a cyber attack.

Attorney and HIPAA Expert, Paul Hale, J.D., states, “Healthcare organizations are particularly vulnerable because patient data is the gold standard for criminals selling private data on the black market. While the cybercrime crisis can seem insurmountable, there are steps you can take. Guidance on how to maximize your defenses includes: ensuring your vendors, web-hosts, and business associates are HIPAA compliant, updating your software – always installing the recommended patches; maintaining a quality anti-virus and malware program on all of your devices; and backing up your data. In the workplace, security workforce training is essential.”