The HIPAA Security Rule

The Health Insurance Portability and Accountability Act (HIPAA) Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.

Prior to HIPAA, no accepted set of security standards or general requirements for protecting health information existed in the health care industry. New technologies were evolving, and the health care industry moved away from paper processes and relied more on electronic information systems to pay claims, answer eligibility questions, offer health information, and conduct a host of other administrative and clinical functions.

Today, providers are using clinical applications such as computerized physician order entry (CPOE) systems, electronic health records (EHR), and radiology, pharmacy, and laboratory systems. Health plans are providing access to claims and care management, and member self-service applications. While this means that the medical workforce can be more mobile and efficient (i.e., physicians can check patient records and test results from wherever they are), the rise in the adoption rate of these technologies increases the potential security risks.

A major goal of the Security Rule is to protect the privacy of individuals’ health information while allowing covered entities to adopt new technologies to improve the quality and efficiency of patient care. Given that the health care marketplace is diverse, the Security Rule is flexible and scalable so a covered entity can carry out policies, procedures, and technologies appropriate for the entity’s size, organizational structure, and risks to consumers’ e-PHI. 

What Information Is Protected?

The HIPAA Privacy Rule protects the privacy of individually identifiable health information, called protected health information (PHI), as explained in the Privacy Rule. The Security Rule protects a subset of the information covered by the Privacy Rule: all individually identifiable health information a covered entity creates, receives, maintains, or transmits in electronic form. The Security Rule calls this information “electronic protected health information” (e-PHI). The Security Rule does not apply to PHI transmitted orally or in writing.

Who Is Required To Protect Patient Information?

The Security Rule applies to health plans, health care clearinghouses, and any health care provider who transmits health information in electronic form in connection with an insurance or administrative transaction.

What are the Risks of Non-Compliance or Inadequate Protection?

Non-compliance with HIPAA could put you at risk of these 5 significant consequences. Keep in mind that they will vary depending on the degree and evaluation of the offense. HIPAA compliance obligations cover anyone with access to protected health information (PHI). Here is a list of the risks of non-compliance:

  • Disciplinary action by your employer
  • Termination of employment
  • Sanctions imposed by professional boards, which can include fines, probation, or loss of your license to practice
  • Civil penalties, which apply when you are aware of (or are required to be aware of) the HIPAA rules but break them anyway. Fines range from $100 per infraction to $25,000 if the same act is committed multiple times
  • Criminal charges for breaking the law. The penalties for willful HIPAA non-compliance are substantially harsher, ranging from $50,000 to $250,000. You will also be responsible for damages, and you may be sentenced to prison if you break HIPAA’s criminal provisions

Are You Really Protected? How Do You Know?

If you work with health-related data, you should take HIPAA compliance training and make sure that only the right people have access to PHI. To comply with HIPAA regulations, you will need the help of an IT company that uses proven operational procedures and secure technology.

What You Should Do Now!

Contact us for a Security Audit/Assessment.