Top HIPAA Violations and How to Safeguard Against Them

Rev_HIPAA_Blog_Graphic32316As the Office for Civil Rights (OCR) runs through its next round of HIPAA compliance audits, it’s vital for healthcare organizations to think about what’s coming down the pipeline.

As reported by LifeHealthPro, privacy compliance watchers expect OCR to conduct “200 desk audits and 24 on-site audits this year.”

With the increasing number of random audits, healthcare organizations need to be prepared by knowing what violations they are at risk for and how to protect themselves.

Learn More: Meet Reva, a Chatbot powered by Artificial Intelligence

With technology evolving and security becoming a greater threat across all industries in 2016, organizations will be looking to the digital realm for protection.

Diagnostic Imaging recently shared that, “Just a few years ago, healthcare security threats focused on lost and stolen devices, but cyberattacks today include hacking, phishing, unleashing malware, extortion, and additionally in the last few months, ransomware (holding data for ransom), have all become increasingly popular.”

That is why healthcare organizations need to conduct risk assessments, thinking about how to protect data and also how to respond to attacks. Specifically, with the rise in cyberattacks, it’s important to conduct ongoing security assessments — such as updating IT resources with new patches and software that is outdated or unsupported. According to the Ponemon Institute, “criminal attacks in healthcare are up 125 percent since 2010 and are now the leading cause of data breach.”

The other side of this relates to eliminating unencrypted PHI and requiring employees to have their own sign-ins to view patient information — with all EHRs being encrypted and secure, there is greater protection against unauthorized access.

However, that leads to the next challenge, which is one that has existed in the healthcare industry for some time. It is not just the healthcare professionals that need to be trained, but also every single employee in the organization that has access to PHIs — this filters all the way down from administrators to janitors.

The HIPAA policies apply to anyone who has access to shared folders or cloud space that contains patient data.

Related: Easily Enable Virtual Care & Telehealth Deployments

That is why all employees should be trained on HIPAA regulations on an ongoing basis. Whether that is by holding monthly meetings with staff or sending tips via email — you can find potential knowledge gaps with online surveys and quizzes.

The concerns around securing patient information are continually on the rise, which is why healthcare organizations need to prepare for potential audits in advance. Part of this is keeping in mind the vulnerabilities within the digital and physical space.

Subscribe for Updates


Contact Sales

Recent Posts

Posts by Topic

see all