By Art Gross, President and CEO, HIPAA Secure Now!
Twitter: @HIPAASecureNow
Read other articles by this author
Humans or HIPAA?
When it comes to healthcare organizations addressing the HIPAA compliance of their business, many feel prepared and comfortable, readily checking that “compliant” box. But addressing the human part of security falls by the wayside too often. Compliance and cybersecurity, which includes human security, both need to be a part of your overall strategic plan.
“If I have security, I’m ok with compliance, right?” No, but you’re not alone in assuming that addressing one will take care of the other. It is an easy mistake to make, and one that many healthcare businesses too often make. Compliance and cybersecurity work together to keep you up, running and protected from a technical and federal regulations standpoint, but address different components.
When This Doesn’t Mean That
HIPAA compliance will take care of the laws and regulations that you need to adhere to. Cybersecurity addresses the gaps or weaknesses in a business that makes that entity vulnerable to hackers. If a breach occurs, your HIPAA compliance will be addressed by government agencies to make sure you were in accordance, and this will protect you legally in some respects. So, in this regard, they work together to protect you, but cybersecurity must be your first line of defense.
With an increased value being put on healthcare data by cybercriminals, the target gets bigger every day on the business’s back. Right alongside those increased values is the matching rise in the number of data breaches each year. Healthcare data is sold for 10-20 times that of stolen credit card numbers, so where do you think hackers are focusing? Just like most businesses, they go where the money is. To add to the damage being done, they are not just focused on data theft, but also overall disruption to the business with targeted employee attacks.
Healthcare must begin to look at cybersecurity with the same reverence that they hold HIPAA compliance in. Protecting your business and patient data should be an effort that combines both strategies. If your IT provider isn’t discussing this with you, it doesn’t mean that they aren’t doing it already, but don’t assume. Ask questions, work together and make a plan that secures your business as a whole, not just segments of it.
This article was originally published on HIPAA Secure Now! and is republished here with permission. HIPAA Secure Now offers annual online subscriptions to help covered entities and business associates keep up with compliance. Learn more here.
HIPAA Secure Now! suite of subscriptions offers an extensive list of tools to provide ongoing training, assessment, moderation activities and more to support an organization’s privacy and security efforts. Subscriptions also support the process of conducting an annual Security Risk Assessment to meet MIPS and Promoting Interoperability requirements.
The subscriptions work for organizations of all sizes, both Covered Entities and Business Associates. All are priced at a flat annual fee, based on number of employees, for a full 12 months. All include a discount if purchased through us.
EXPLORE SUBSCRIPTION LEVELS HERE
If your organization has more than 50 employees, or if you’d like to schedule a demo or you just want to get a couple questions answered, take a few seconds to complete this form and we will get back to you.