5 Essential Tech Tips for Small to Medium Size Businesses
August 29, 2016
Understanding PCI Compliance When Payment Processing is Part of Your Business
September 13, 2016
Complying with legislation and industry standards is critical as vulnerable personal and business information continues to migrate online.
While the goal of the Health Insurance Portability and Accountability Act (HIPAA Compliance) and Payment Card Industry Security Standard (PCI DSS Compliance) is to keep sensitive health and personal information private, the information is also the target of nation state hackers and criminal enterprise. Why?
Personal and health information present opportunity to cyber thieves in several ways. In addition to outright sale of business, personal, or health information gleaned from insecure networks, the information can be mined for access to bank accounts, financial networks, and used for larger and smaller data crimes, including identity theft.
Our company is at the forefront of providers offering 24/7 help, monitoring and support for compliance-concerned businesses. In this first of a two-part series about compliance, we’ll talk about HIPAA-compliant networks, and related issues such as HIPAA training requirements.
What does it mean to be HIPAA compliant?
HIPAA is a set of rules and standards intended to protect the individual privacy of personal health information (PHI). Types of PHI include:
- Contact information, including names and addresses, telephone, and email information
- Medical records, passwords, medical report numbers, identifying photographs or images
- Social security information
- Date information for patient and family including admission, treatment, or discharge information
Despite the threat of fines and criminal liability for non-compliance with HIPAA regulations, data breach of health information occurs routinely.
In 2015, the federal Office of Personnel Management (OPM) was hacked by Chinese nation state agents. The breach yielded sensitive personal and security clearance information on more than 20 million people. Since mental and physical health is often considered for federal security clearance, part of the breach likely included a massive breach of compliance of HIPAA standards.
According to the U.S. Department of Health and Human Services (HHS), in July, 2016 alone, more than 80,000 healthcare providers suffered data breach.
How do you move your organization or business toward HIPAA compliance?
Create your HIPAA compliance checklist
For industry, becoming HIPAA-compliant requires response at all levels of your organization. As with creating and maintaining best practices for cyber security, a HIPAA compliance checklist includes wide-ranging tasks like:
- Gain legal guidance to your business group on HIPAA applicability and compliance.
- Assess the collection, flow, transmission, and storage of patient data in your facility or organization.
- Understand compliance as it relates to cyber and physical security best practices. Do not forget mobile applications or devices in use.
- Approach compliance objectives systemically.
- Implement routine reviews and reassessments.
- Understand, deploy, and maintain HIPAA training requirements for all staff.
Electronic health records (EHRs) enable physicians, institutions, and other providers to quickly share and access patient information. EHRs boost patient care capabilities in many ways—and they are also much easier to steal than a physical record.
When regulatory compliance is critical to your business model, your IT vendor should be able to walk you through the steps and services they offer to secure your network and ensure your business is HIPAA-compliant.
Compliant network security is a key service of Achieve Networks. When you have questions about HIPAA or PCI compliance, give us a call.
