You can’t afford to be passive anymore; it’s time to be aggressive.
While C-suites seem to think their organization is doing well regarding HIPAA, the evidence suggests otherwise.
When it comes to HIPAA, do you really know what’s going on in your organization’s security? How many firewalls do you have installed? Do you know what vulnerability scans you use? Do you train your staff often, or just once a year?
Most C-suites feel pretty confident in HIPAA security. They can comfortably argue their organization is HIPAA compliant. But did you know that the majority of health entities are in danger of failing an HHS OCR audit?
See also: Snapshot of HIPAA and Healthcare Data Security
In the SecurityMetrics HIPAA Security Rule Report, we found some revealing information about the status of healthcare and HIPAA. Some key findings include:
Why is there such a large gap between the C-suite’s understanding of HIPAA and the reality of healthcare security? One reason is that C-suite executives often leave security up to the IT and compliance officers. They don’t bother to learn about HIPAA because they assume everything is being taken care of.
See also: How Healthcare Security Complacency is Killing Your Organization
Another issue is that when many C-suites think of HIPAA compliance, they think of the HIPAA Privacy Rule. While most organizations are doing fairly well at upholding the Privacy Rule, they’re struggling with the Security Rule, which is something a lot of C-suites don’t realize.
The Privacy Rule covers all the issues with keeping the patient’s data private. However, the Security Rule involves keeping patient information secure. Protected Health Information (PHI) is very valuable on the black market, and it’s much harder to replace.
The majority of health organizations are vulnerable to hackers, and the C-suites, the people who can effect the most change by implementing policies and procedures, don’t realize they’re not actually HIPAA compliant.
These organizations often aren’t even fulfilling basic HIPAA requirements, which is why there are more data breaches happening.
See also: Your HIPAA Privacy Requirements Might Not Be Completed
Besides the fact that getting breached costs a lot in both lawsuits and fines, patients entrust their information to these organizations.
Healthcare entities have a duty to protect their patients, which includes their patients’ data.
See also: SecurityMetrics HIPAA Guide
But there are simple steps to help you become HIPAA compliant. Here are some suggestions:
See also: Win Your Healthcare Security Marathon in 7 Steps
C-suites should dedicate more time and money to HIPAA security. Many organizations would argue that spending money on medical equipment is more important because that saves lives. But what do you think your patients’ lives will be like when their stolen data denies them insurance or leads to a misdiagnosis?
Data security and HIPAA compliance don’t just protect organizations; they protect patients as well.
C-levels, it’s time to learn more about what your organization needs to become HIPAA compliant because hackers are getting more aggressive.
You can’t afford to be passive anymore; it’s time to be aggressive back.