The Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI DSS) exist to keep sensitive health and payment card information private, yet that same information is a prime target for nation-state hackers and criminal enterprises. Why?
Personal and health information presents opportunities to cyber thieves in several ways. Beyond the outright sale of business, personal, or health records gleaned from insecure networks, the data can be mined for access to bank accounts and financial networks, and reused in data crimes large and small, including identity theft.
Our company is at the forefront of providers offering 24/7 help, monitoring and support for compliance-concerned businesses. In this first of a two-part series about compliance, we’ll talk about HIPAA-compliant networks, and related issues such as HIPAA training requirements.
Despite the threat of fines and criminal liability for non-compliance with HIPAA regulations, breaches of health information occur routinely.
In 2015, the federal Office of Personnel Management (OPM) was breached by Chinese state-sponsored actors. The intrusion exposed sensitive personal and security clearance information on more than 20 million people. Because security clearance investigations ask about mental and physical health, the stolen files contained health information of exactly the kind HIPAA is meant to protect, even though background investigation records are not medical records held by a health care provider. The breach is a stark illustration of how valuable that information is to attackers.
How do you move your organization or business toward HIPAA compliance?
Becoming HIPAA-compliant requires a response at every level of your organization. As with creating and maintaining cyber security best practices, a HIPAA compliance checklist spans wide-ranging tasks, from workforce training to technical safeguards on the network itself.
Electronic health records (EHRs) let physicians, institutions, and other providers share and access patient information quickly. EHRs improve patient care in many ways, but a database of records is also far easier to steal, in bulk and from a distance, than a cabinet of paper charts.
When regulatory compliance is critical to your business model, your IT vendor should be able to walk you through the specific steps and services they offer to secure your network and keep your business HIPAA-compliant.
Compliant network security is a key service of Achieve Networks. When you have questions about HIPAA or PCI compliance, give us a call.