[thumbnail target=”_self” src=”https://www.rincon.co.in/site/wp-content/uploads/2019/01/Healthcare-1024×560.jpg”]
HIPAA is an incredibly influential part of the US healthcare regulatory landscape. Because its focus is the security of electronic personal information, it’s no surprise that the law and its requirements continue to evolve as the tech landscape changes.
While this is ultimately a good thing, ensuring that the law makes sense in regards to the resources available and challenges faced in healthcare IT, it can also make HIPAA compliance a bit of a moving target. What doesn’t change, however, is the extreme consequences of a security breach.
1. It’s Not the Fines That Get You
A HIPAA breach can deliver a serious blow to your organization’s financials, but the costs may not be coming from where you think. The requirement to publicize that the breach occurred can cause more damage than a government fine.
[well type=””]
“If you do the math and you look at an organization that has 10,000 records, that’s between $2 million and $4 million worth of risk. 25,000 records? Up to $10 million in risk. And 100,000 records mean $40 million in risk. Now, I’m saying risk because it’s not the cost of the breach itself. A study shows that about one-third of these numbers is the actual cost of the breach.
The cost of the breach includes notifying patients and hiring lawyers. If it’s a big breach, you have to set up an 800-number and have people answering it. You may have to do credit monitoring. That’s about a third of these costs. What’s the other two-thirds? It’s the loss of business.”
–Mike Semel
President & Chief Compliance Officer, Semel Consulting
[/well]
2. Inattention is No Excuse, Even If Nothing Bad Happens
The law requires organizations to secure information from prying eyes, whether those eyes are there or not. Organizations are required to make sure all their systems are properly maintained, even if that means installing a completely new operating system (which may itself require new hardware).
[well type=””]
“HIPAA says that you have to have devices that are currently supported with patches and updates in order to be compliant.”
–Mike Semel
President & Chief Compliance Officer, Semel Consulting
[/well]
3. HIPAA Breaches Can Even Come from Within
It’s important to remember that HIPAA violations aren’t always caused by malicious outsiders, your own employees can be a source of trouble, either intentionally or unintentionally. It’s essential to remember that HIPAA requires only relevant staff have access to any given record. If a nurse looks at the diagnosis for a celebrity staying in another ward, that’s a violation. If your radiology department email’s a patient’s x-ray results to the wrong doctor, that’s a violation.
Regular training and oversight are key to protecting your organization against threats from within, in addition to keeping bad actors out.
4. A Key to Better Health Data Security Can Be Simplicity
Because many data security solutions are cumbersome, it is common for staff to circumvent them by relying on insecure (but more user-friendly) consumer file-exchange solutions instead. The best way to keep this from happening? Make your security rules easier rather than weaker.
If sending a document via Fax-Over-IP or a secure file exchange solution is as easy as sending an unsecured email, your employees are much more likely to do it. By making proper compliance the path of least resistance, you streamline workflows, reduce staff frustration, and better protect your organization.
Ready to streamline regulatory compliance with XMedius secure document exchange solutions?
The original article can be found here.
For more information e-mail us on sales@rincon.co.in and we will be glad to assist you.
