We create and publish our HIPAA Guide each year to give healthcare IT and HIPAA leaders an up-to-date resource to direct and focus their HIPAA compliance efforts to the areas that are quick and impactful, as well as to outline and provide guidance in areas that may take more time to understand and implement.
Data breaches involving protected health information (PHI) increase every year. It seems like we see a new hospital or healthcare network breach on the news every week. In fact, by the middle of 2019, PHI breaches at healthcare organizations had already doubled the total from 2018, according to the Protenus Breach Barometer.
PHI is extremely valuable to hackers, even more so than credit card data. PHI and associated personally identifiable information (PII) can be used to make false insurance claims, gain access to prescription drugs, or target patients with healthcare-related scams.
Because of PHI’s value, hackers are determined to steal it. Healthcare practices are busy and not always focused on security. These circumstances can contribute to devastating breaches with far-reaching consequences that sometimes include going out of business.
Medical practices are busy, and protecting PHI can seem difficult. But there are many security controls and policies that go a long way toward preventing a data breach.
Hear from our Director of Assessments, Matt Halbleib (CISSP, CISA, QSA (P2PE), PA-QSA (P2PE)), and our Principal Security Analyst, George Mateaki (CISSP, CISA, CISM, QSA, PA-QSA), about why we created the 2020 HIPAA Guide and how we hope it will help organizations.
"Patient care organizations are focused on patient care. But they are starting to recognize that security is a huge part of patient care. As they focus on the patient care aspect, they run out of time. That's why we created the guide." - George Mateaki, Principal Security Analyst
Every year, our HIPAA research team conducts surveys of HIPAA leaders at healthcare organizations to find out where organizations could use support and education.
Our responses come from over 450 different healthcare professionals responsible for HIPAA compliance. Most of these survey respondents belong to organizations with fewer than 500 employees; however, the resulting data is important to organizations of all sizes, because almost all healthcare organizations share patient data with one another.
When PHI is shared between two organizations, they impact each other’s security, regardless of size.
We found that the majority of healthcare organizations did well in the areas of HIPAA leadership and documentation:
We also found that in addition to HIPAA, the most common security mandate that organizations comply with is the Payment Card Industry Data Security Standard:
In the area of training, the majority of HIPAA survey respondents did well:
We find that healthcare organizations particularly love the ease of use, structure, and accessibility of the 2020 SecurityMetrics Guide to HIPAA Compliance to assist with HIPAA training. See what some of the HIPAA Guide users have to say:
"Thank you for providing the guideline for our business. It is less stressful knowing that I have the correct guide to improve our services to our patients and to protect our business." - Nancy Wiseman, M.Ed., Ed.S., Vice President, Citrus Endodontics, P.A.
"This is the most comprehensive guide on HIPAA I have found." - Crystal Hertz, National Health Foundation.
"The HIPAA Guide is one of the best helps/tools/references. It's well organized and easy to understand for our medical office staff and providers." - Hedy Haun, Sr. Process Analyst, Sharp HealthCare
"I loved SecurityMetrics. They have the best resources when it comes to PCI and HIPAA compliance and their customer service is unmatched." - Jennifer M. Connell, Owner, E2E Health Solutions, LLC
"SecurityMetrics Guide to HIPAA Compliance is really helpful, very informational and updated." - Jeffrey Delos Reyes, Flow Health Outsourcing Inc.