Revisiting Top HIPAA Violations and Safeguarding Tech Against Them

This post was originally published in April 2016. Yet as HIPAA and HITRUST certifications become increasingly important for health IT vendors, we felt the topic of HIPAA violations and safeguarding patient technology was worth revisiting — especially as healthcare cyberattacks continue to rise.

Recently Doug Weber outlined what it takes to build a security-first culture. Now here's a look back at why it's so important for anyone connected to the healthcare industry to have one in place: often, the exposure of sensitive data begins with a lack of protocol on the inside.


As we continue into 2016 and the Office for Civil Rights (OCR) runs through its next round of HIPAA compliance audits, it’s vital for healthcare organizations to think about what’s coming down the pipeline.

As reported by LifeHealthPro, privacy compliance watchers expect OCR to conduct “200 desk audits and 24 on-site audits this year.”

With the increasing number of random audits, healthcare organizations need to be prepared by knowing which violations they are at risk for and how to protect themselves.

With technology evolving and security becoming a greater concern across all industries in 2016, organizations will be looking to the digital realm for protection.

Diagnostic Imaging recently shared that, “Just a few years ago, healthcare security threats focused on lost and stolen devices, but cyberattacks today include hacking, phishing, unleashing malware, extortion, and additionally in the last few months, ransomware (holding data for ransom), have all become increasingly popular.”

That is why healthcare organizations need to conduct risk assessments, thinking about how to protect data and also how to respond to attacks. Specifically, with the rise in cyberattacks, it’s important to conduct ongoing security assessments, such as applying new patches to IT resources and updating software that is outdated or unsupported. According to the Ponemon Institute, “criminal attacks in healthcare are up 125 percent since 2010 and are now the leading cause of data breach.”

The other side of this is eliminating unencrypted PHI and requiring employees to have their own sign-ins to view patient information. With all EHRs encrypted and secure, there is greater protection against unauthorized access.

However, that leads to the next challenge, one that has existed in the healthcare industry for some time. It is not just healthcare professionals who need to be trained, but every single employee in the organization who has access to PHI, all the way from administrators to janitors.

The HIPAA policies apply to anyone who has access to shared folders or cloud space that contains patient data.

That is why all employees should be trained on HIPAA regulations on an ongoing basis, whether by holding monthly meetings with staff or by sending tips via email. You can find potential knowledge gaps with online surveys and quizzes.

Concerns around securing patient information are continually on the rise, which is why healthcare organizations need to prepare for potential audits in advance. Part of this is keeping in mind the vulnerabilities in both the digital and the physical space.
