How cybersecurity affects HIPAA compliance

by Yenny (SU)

In 2015, the Cancer Care Group, an Indiana-based oncology practice, was fined $750,000 for a breach of patient information contained on an employee's laptop and unencrypted backup media. The incident was a clear violation of the Health Insurance Portability and Accountability Act (HIPAA) of 1996, specifically the HIPAA Security and Privacy Rules.

This is exactly why healthcare organizations must pay close attention to the required physical and technical safeguards, and make sure that all staff understand the HIPAA compliance rules and how to follow them.

The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.

The HIPAA Privacy Rule “requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization.”

While most people know there are protections regarding the confidentiality of their medical records, businesses in the health industry need to understand the ramifications of HIPAA as it pertains to digital privacy and security. After all, if you don’t have the proper security or continuity protocols to protect your business, there could be serious consequences.

For one thing, your business may have a hard time recovering from a devastating cyber-attack. Also, you’ll have to report the breach to the government, which may result in the Office for Civil Rights (OCR) investigating your business, as well as your business associates.

Violations of the HIPAA Rules can result in steep fines, not to mention that your patients will be concerned that their information was not secured or protected by your practice.

The Importance of Security in the Electronic Age

The Cancer Care Group breach illustrates some key issues regarding the movement of hardware and electronic media containing ePHI into and out of a facility, and HIPAA compliance:

- Neglecting safeguards in order to save money will eventually cost your business much more than you would have originally spent.

- You need to establish strong policies and procedures to protect patients' health information.

- If you put off creating and implementing a policy now, OCR will require you to do so if or when you are breached.

- If a lack of security leads to a breach, it could destroy your firm's reputation and seriously impact its revenue.

- It's not just administrators who need to comply with the HIPAA Security and Privacy Rules. Anyone in your organization who handles patient data on a daily basis must be trained to follow the standards of your security and privacy policy.

Why Take Risks?

Why take risks with the security of your data and your business? When it comes to data breaches, it’s always better to play it safe.

To learn more about HIPAA requirements and safeguards related to cybersecurity, contact Colington Consulting at 800-773-6379. They are experts in the field of HIPAA rules and procedures. Colington Consulting can help you avoid problems and steep fines by bringing your practice into complete HIPAA compliance. It is what they do best, allowing you to do what you do best … provide health care to your patients.