HIPAA: Breaches & Fines

HIPAA laws have been revised with the omnibus final rule that took effect on September 23, 2013. It has resulted in an added level of compliance standards and stringent oversight guidelines governing the way HIPAA covered entities handle ePHI (electronic protected health information) [1].

According to healthcare reports, the growing number of security threats to sensitive patient data is still not top of mind given the industry's security position. When it comes to information security, data breaches, cybersecurity, PHI, and compliance with industry HIPAA regulations, the healthcare industry is roughly 10 years behind the retail and financial services sectors.
An FBI Warning
In February 2014, a two-page FBI warning was issued to the healthcare industry concerning the lack of industry preparation for cyberattacks. The warning addressed the possibility of increased attacks resulting in cybersecurity challenges, including data breaches.
The FBI warning was based on a report from SANS, a nonprofit organization that trains cybersecurity professionals. SANS stated that the healthcare industry was not well-prepared to handle growing cyber threats. The nonprofit also pointed to hundreds of attacks on routers, radiology imaging software, firewalls, and video conferencing equipment [2].
HIPAA Data Breach
An effective way to avoid fines and the high costs of a HIPAA data breach is with Risk Analysis (which includes evaluating an operation’s overall value when instituting a security methodology). One example involves New York and Presbyterian along with Columbia University. Improper safeguards led to ePHI being accessible through their shared server. This breach was found to include medical records such as patient status, vital signs, medications and laboratory results. They now must pay out millions in a settlement that is the result of the institutions being found out of compliance [3].
This case highlights the need for Risk Analysis to identify the exact locations of patient data, check file integrity, create a critical infrastructure and determine how to safely secure the information.
 
Jacqueline von Ogden

Since 1999, Jacqueline has written for corporate communications, MarCom agencies, higher education, and worked within the pharmacy, steel and retail industries. Since joining the tech industry, she has found her "home".