HIPAA is in the news all the time. Whether it is the tragedy that struck Orlando last weekend, the news of the HIPAA Audits coming, or a new healthcare breach being reported, we are constantly bombarded with why HIPAA compliance is critical. As with any organization, protecting and safeguarding the sensitive information that you possess is not only essential, it is your responsibility to the customers that you serve. This sensitive information can be of many different types, from personally identifiable information like your name, address, email address, and answers to security questions, to credit/debit card information, to protected health information. What makes healthcare organizations, both covered entities and business associates, unique is that they possess all of the information above. A covered entity has a significant amount of data on a patient: not only their PHI but also their PII and payment information (in most cases). When you think about it, that is a significant amount of information for one organization to hold and be responsible for.
HIPAA only really cares about the PHI or ePHI that a healthcare organization holds in its systems. That doesn't mean that the other information is less important; it simply means that there is a specific federal regulation that mandates healthcare organizations follow certain steps and implement specific controls to protect the PHI and ePHI they process, transmit, and store. Along with the HIPAA Privacy, Security, and Breach rules comes the HIPAA Audit program, which is entering what the Department of Health and Human Services calls Phase 2. One of the most important pieces of HIPAA and the HIPAA Audit program has to do with organizations conducting a thorough, ongoing Risk Assessment. This is not a "one and done" situation, as threats change constantly, especially when it comes to the area of IT Security. Outside of being required to do a risk assessment to comply with HIPAA, here are 3 very important reasons why you must conduct a HIPAA Risk Assessment on a regular basis:
The healthcare sector is under attack. Couple that with the challenges that are specific to healthcare, and the result can be a dangerous scenario. As part of our monthly webinar series, Compass IT Compliance is presenting on the challenges that are specific to healthcare organizations and some strategies that you can implement immediately to mitigate your risk of a breach. See below for more details and to register:
When: Thursday June 23rd @ 1:00 PM EST
Duration: 30 Minutes with Q&A Session
Where: Online, register below