By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Health Works CollectiveHealth Works CollectiveHealth Works Collective
  • Health
    • Mental Health
    Health
    Healthcare organizations are operating on slimmer profit margins than ever. One report in August showed that they are even lower than the beginning of the…
    Show More
    Top News
    physical health
    5 Ways Playing Games Can Improve Neural and Physical Health
    September 9, 2022
    Reasons For Hair Loss and Its Treatment
    Reasons For Hair Loss and Its Treatment
    February 16, 2022
    healthcare organization
    5 Actionable Strategies For Healthcare Organizations
    August 15, 2022
    Latest News
    Grounded Healing: A Natural Ally for Sustainable Healthcare Systems
    May 16, 2025
    Learn how to Renew your Medical Card in West Virginia
    May 16, 2025
    Choosing the Right Supplement Manufacturer for Your Brand
    May 1, 2025
    Engineering Temporary Hospitals for Extreme Weather
    April 24, 2025
  • Policy and Law
    • Global Healthcare
    • Medical Ethics
    Policy and Law
    Get the latest updates about Insurance policies and Laws in the Healthcare industry for different geographical locations.
    Show More
    Top News
    email marketing in healthcare
    Harnessing the Power of Email Marketing in Healthcare
    October 26, 2023
    healthcare claims
    The Role of Communication in Resolving Complex Workers’ Compensation Claims in Healthcare Settings
    September 22, 2024
    Wounds and Wisdom: What Motorcycle Accidents Teach Us About Health and Healing
    Wounds and Wisdom: What Motorcycle Accidents Teach Us About Health and Healing
    February 12, 2025
    Latest News
    Building Smarter Care Teams: Aligning Roles, Structure, and Clinical Expertise
    May 18, 2025
    The Critical Role of Healthcare in Personal Injury Recovery: A Comprehensive Guide for Victims
    May 14, 2025
    The Backbone of Successful Trials: Clinical Data Management
    April 28, 2025
    Advancing Your Healthcare Career through Education and Specialization
    April 16, 2025
  • Medical Innovations
  • News
  • Wellness
  • Tech
Search
© 2023 HealthWorks Collective. All Rights Reserved.
Reading: Cybersecurity And HIPAA Compliance Go Hand In Hand: Here’s Why
Share
Notification Show More
Font ResizerAa
Health Works CollectiveHealth Works Collective
Font ResizerAa
Search
Follow US
  • About
  • Contact
  • Privacy
© 2023 HealthWorks Collective. All Rights Reserved.
Health Works Collective > eHealth > Cybersecurity And HIPAA Compliance Go Hand In Hand: Here’s Why
eHealth

Cybersecurity And HIPAA Compliance Go Hand In Hand: Here’s Why

Brian Gill
Last updated: November 29, 2018 8:01 pm
Brian Gill
Share
7 Min Read
SHARE

 

On June 30, a ransomware attack hit the Fetal Diagnostic Institute of the Pacific (FDIP) in Honolulu, with the provider noting that more than 40,000 patient records were potentially compromised. The attackers accessed the patient data within FDIP systems on the organization’s servers. FDIP contracted with a cybersecurity company for recovery, noted Jessica Davis. They cleared the virus from the infrastructure and put defenses in place to stop the problem from occurring again. The incident points to common concerns regarding cybersecurity and HIPAA compliance.

While no breach is easy, the institute was well-prepared. They had backups stored externally, on a separate network with its own authentication. Because they had the information stored elsewhere as an exact copy, they did not need to pay a ransom to get the same data from the cybercriminals (a tactic that is often unsuccessful anyway).

Cybersecurity is fundamental to HIPAA – and backup is just one aspect of securing your IT environments. Beyond setting up defenses against intrusion, insiders also must be considered.

More Read

Accuracy of Meaningful Use Reporting
5 Top iPhone Apps To Track Your Health
The Man Who Brought Computers Into Medicine
Interview/Podcast:HIT Interoperability with Cameron Deemer, President at DrFirst Pt. 1
Healthcare’s Digital Revolution

Why is digital security central to HIPAA?

Core to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) is the Security Rule. Short for the Security Standards for the Protection of Electronic Protected Health Information, this rule is best understood in light of the HIPAA Privacy Rule, which is the short form for the Standards for Privacy of Individually Identifiable Health Information. The Privacy Rule created national standards to make sure that confidential health data is properly protected. Using the Privacy Rule as its basis, the Security Rule specifically discusses the safeguards that must be put into place by organizations handling electronic protected health information (ePHI), which are of three types: administrative (e.g., risk assessments and training), physical (e.g., security cameras and ID checks, perhaps), and technical (e.g., virtual private networks and managed firewalls, perhaps).

Security of healthcare information – not just data – is the focus of HIPAA. For that reason, organizations handling PHI should be concerned with the findings of a Canadian study published in the spring (despite Canada not being governed by HIPAA). The research described an 18-month recycling audit of six teaching hospitals in which 2600 PII papers were found, with 1885 of them containing healthcare PII. These findings are a reminder that hard copies should not be neglected. Nonetheless, digital security is the central concern with HIPAA, especially given the the specific focus of the Security Rule.

Dealing with the insider threat

Your employees unfortunately pose a significant risk. Just take the example of Independence Blue Cross, an independent licensee of BlueCross BlueShield. Many of the agency’s policyholders had critical health data exposed because of an employee error at the Philadelphia-headquartered insurer. A file containing data on nearly 17,000 people – including patient names, dates of birth, provider information, and diagnostic codes – was uploaded by an employee to a public-facing website. It was accessible online from April 23 to July 20, when it was noticed and pulled from the site.

This situation is far from isolated. A poll run in collaboration between the Health Information and Management Systems Society (HIMSS) and identity governance firm SailPoint found that most IT staff members of healthcare entities see insiders as a more significant breach concern than outsiders. Backing up that concern, a study from Verizon found that more than half (58%) of health data breaches occurred because of insiders.

Training to increase healthcare cybersecurity

Employees can cause both large breaches and small ones. They can cause situations that are large in scope, like the incident in Philadelphia. They can also be responsible for more minor infractions, such as a nurse inappropriately mentioning a patient by name or looking at something they do not have a legitimate reason to access. To mitigate this risk, your staff must be trained on the essentials of HIPAA and on cybersecurity best practices.

Here is an outline of a standard HIPAA training curriculum:

Essentials on HIPAA and HIPAA compliance

  • Health Insurance Portability and Accountability Act of 1996 definition
  • How HIPAA applies in healthcare
  • Glossary of HIPAA-related jargon

HITECH

  • Health Information for Economic and Clinical Health Act of 2009 definition
  • How HITECH changed and broadened HIPAA regulations

Penalties

  • Fines
  • Prison time

PHI

  • Protected health information definition
  • Types of information that are considered PHI (e.g., social security numbers, dates of birth, and medical history)

Covered entities and compliance responsibilities

  • Covered entity definition
  • What is expected of covered entities related to personally identifiable health data
  • Types of organization that fall under the CE heading (e.g., healthcare data clearinghouses, hospitals, and insurance carriers)

Business associates

  • Business associate definition
  • The importance of the business associate agreement
  • Types of individuals and organizations that are BAs (e.g., consultancies, accountants, and data recovery companies)

Key rules

  • Privacy Rule description
  • Security Rule description
  • Breach Notification Rule description

Threats

  • Insider threats (including human error and malicious insider incidents)
  • Cybercriminal attack

Password policies

  • Your password policy
  • Multi-factor authentication (MFA) as an additional safeguard

Handling minors

  • The issue of legal guardianship
  • Possible decision not to disclose data (as with child abuse)

In Conclusion: Think Beyond Hacking

Cybersecurity is critical to maintaining HIPAA compliance – and cybersecurity requires you to look at internal threats as much as you do external ones. Through robust digital security and strong business associate relationships, in conjunction with a comprehensive training program, you can ensure you remain compliant and avoid the fallout of a breach.

TAGGED:cybersecuritydata securityHealthcare ProvidersHIPAAHIPAA complianceHIPAA securitypatient privacy
Share This Article
Facebook Copy Link Print
Share
By Brian Gill
Follow:
Brian Gill, CEO of Gillware Inc., is an entrepreneur, computer scientist and angel investor from Madison WI. He co-founded Gillware Data Recovery, one of the world’s most successful data recovery labs, in 2004 with his brother Tyler and PhD Greg Piefer. The trio, along with their business partners and Greg’s family, then founded Phoenix Nuclear Labs which currently manufactures the strongest compact neutron generators in the world. Brian was on the board of PNL when it was decided to spin off medical isotope startup SHINE Medical Technologies to tackle the Mo-99 crisis. Over 56,000 American patients are imaged every day and over 30 medical procedures require Mo-99, and as of 2018 0% of the world’s supply of Mo-99 is produced in the US. SHINE is on the verge of solving this problem. Brian also co-founded Gillware Data Services, a cloud SAAS and data analytics company which was acquired by StorageCraft in 2016. Most recently, he has teamed up with worldwide forensics thought leader Cindy Murphy to found Gillware Digital Forensics. These successes have allowed him to make over a dozen angel investments, most recently in Medaware Systems, Pacifica Labs and Allergy Amulet. He lives with his wife Kara and three sons in Middleton, WI.

Stay Connected

1.5kFollowersLike
4.5kFollowersFollow
2.8kFollowersPin
136kSubscribersSubscribe

Latest News

Clinical Expertise
Building Smarter Care Teams: Aligning Roles, Structure, and Clinical Expertise
Health care
May 18, 2025
Grounded Healing: A Natural Ally for Sustainable Healthcare Systems
Grounded Healing: A Natural Ally for Sustainable Healthcare Systems
Health
May 15, 2025
Learn how to Renew your Medical Card in West Virginia
Learn how to Renew your Medical Card in West Virginia
Health
May 15, 2025
Dr. Klaus Rentrop Shares Acute Myocardial Infarction heart treatment
Dr. Klaus Rentrop Shares Acute Myocardial Infarction
Cardiology
May 13, 2025

You Might also Like

digital patient
eHealthMedical EducationMedical EthicsPublic Health

Collaborating with Patients in the Digital Information Age

April 23, 2014

Health Tech Hatch – A New Way to Fund Innovation in Health Care

October 8, 2012
Image
BusinessNewsSocial Media

Person-Centered HealthCare: EndoGoal – the Diabetes App That Rewards

October 19, 2012

Are Healthcare Consumers at the Forefront of Digital Health?

March 26, 2014
Subscribe
Subscribe to our newsletter to get our newest articles instantly!
Follow US
© 2008-2025 HealthWorks Collective. All Rights Reserved.
  • About
  • Contact
  • Privacy
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?