By Art Gross, President and CEO, HIPAA Secure Now!
Twitter: @HIPAASecureNow
We have seen the healthcare industry rise to the occasion this past year, stepping up in more ways than can be counted and doing so under extraordinary conditions. Telehealth does offer a viable solution for many people who cannot travel outside of their homes, and at the same time, it offers a safe solution to anyone who is COVID-19 cautious.
Yet not all remote setups mean telehealth for patients. Some of the workforce is now likely to remain permanently operating from home office environments for the foreseeable future. This has driven cybersecurity to the top of the priority list for many businesses and for many reasons. It has only been amplified by the increasing risk of a breach at every business whose workforce is using equipment and software that isn’t as easy to maintain but serves to get the job done, so no one pays as much attention as they should. For the healthcare industry, all of this means that the risk of suffering a data breach, which was already a huge issue in healthcare, needs to be addressed simultaneously with the requirement to maintain HIPAA compliance. A double whammy on company resources.
As you’re all well aware, HIPAA requires that any covered entity or business associate which collects, processes, or stores protected health information (PHI) must have an implemented security and privacy program that protects this information. This is known as protecting confidentiality, integrity, and availability, or CIA.
While there is flexibility in the ways in which this is attained, there is less, if not zero, leniency in ensuring that it happens in the first place. And it should be noted that this flexibility is not something that we can expect to last forever but has been a result of the unprecedented COVID-19 pandemic and the Office for Civil Rights (OCR) responding to that.
This means that your HIPAA team must work in close partnership with your IT department to make sure that all of the gaps are closed and the cracks are sealed. These can no longer be thought of as two different agendas for any healthcare business; they must work in tandem to provide an impermeable seal around the data of your patients. Ideally, solutions can be created to go hand in hand so that you don’t have to work to make one fit the other.
This article was originally published on HIPAA Secure Now! and is republished here with permission.