If you work in the healthcare industry, there is no doubt that you have heard about HIPAA compliance thousands of times. The importance of keeping electronic protected health information (ePHI) confidential is drilled into us daily, and for good reason. But what is HIPAA compliance? We all know that it is a federal regulation that applies to two types of organizations: Covered Entities and Business Associates.
Today, Business Associates are held to the same HIPAA requirements as Covered Entities and are directly liable for complying with them. This is in large part due to the HIPAA Omnibus Final Rule of 2013, which raised the bar for Business Associates at a time when more and more business functions were being outsourced.
To keep things simple, HIPAA compliance comes down to three key tasks for protecting the ePHI that an organization creates, receives, maintains, or transmits. Those three tasks are as follows:
The challenge with the HIPAA regulation is that it does not prescribe a specific method for how to comply. Rather, it gives organizations a few points to consider:
Unlike some other compliance requirements (PCI DSS, for example), HIPAA is far less prescriptive. Complying with HIPAA can look very different from one organization to the next, which creates a challenge: organizations look for a specific model to follow and replicate, and that is difficult at best. The key is to assess your risk on a regular basis rather than treating HIPAA compliance as an annual "check-the-box" exercise; a risk analysis is a required implementation specification of the Security Rule, not an optional extra. Our recommendation is to conduct a formal risk assessment at least annually and whenever you make significant changes to any technology in your environment.
Recent statistics suggest that in 2016, 34.5% of all reported data breaches occurred in the healthcare vertical. While this is essentially flat compared with 2015, it shows no track record of improvement, which is a major concern. Combine this with the ransomware attacks that targeted healthcare in 2016, and compliance becomes both more important and more of a challenge. Please contact us with any questions you might have regarding HIPAA compliance!