By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Health Works CollectiveHealth Works CollectiveHealth Works Collective
  • Health
    • Mental Health
    Health
    Healthcare organizations are operating on slimmer profit margins than ever. One report in August showed that they are even lower than the beginning of the…
    Show More
    Top News
    stress management for healthcare workers
    3 Tips For Healthcare Professionals: How To Stay Beautiful, Healthy, and Happy
    November 2, 2021
    importance of relaxing on the weekend for your health
    Importance of Relaxing During the Weekend for Optimal Health
    March 25, 2022
    LASIK Eye Surgery
    What Is LASIK Eye Surgery?
    May 16, 2022
    Latest News
    5 Steps to a Promising Career as a Healthcare Administrator
    July 31, 2025
    Why Custom Telemedicine Apps Outperform Off‑the‑Shelf Solutions
    July 20, 2025
    How Probate Planning Shapes the Future of Your Estate and Family Care
    July 17, 2025
    Beyond Nutrition: Everyday Foods That Support Whole-Body Health
    June 15, 2025
  • Policy and Law
    • Global Healthcare
    • Medical Ethics
    Policy and Law
    Get the latest updates about Insurance policies and Laws in the Healthcare industry for different geographical locations.
    Show More
    Top News
    You Probably Thought the Public Option Was Dead
    June 1, 2011
    Employers as Doctors
    July 9, 2011
    Pushback On My Medicare Proposals
    August 12, 2011
    Latest News
    How IT and Marketing Teams Can Collaborate to Protect Patient Trust
    July 17, 2025
    How Health Choices and Legal Actions Intersect After an Injury
    July 17, 2025
    How communities and healthcare providers can address slip and fall injuries with legal awareness
    July 17, 2025
    Let Your Lawyer Handle the Work Before You Pay Medical Costs
    July 6, 2025
  • Medical Innovations
  • News
  • Wellness
  • Tech
Search
© 2023 HealthWorks Collective. All Rights Reserved.
Reading: Cybersecurity And HIPAA Compliance Go Hand In Hand: Here’s Why
Share
Notification Show More
Font ResizerAa
Health Works CollectiveHealth Works Collective
Font ResizerAa
Search
Follow US
  • About
  • Contact
  • Privacy
© 2023 HealthWorks Collective. All Rights Reserved.
Health Works Collective > eHealth > Cybersecurity And HIPAA Compliance Go Hand In Hand: Here’s Why
eHealth

Cybersecurity And HIPAA Compliance Go Hand In Hand: Here’s Why

Brian Gill
Brian Gill
Share
7 Min Read
SHARE

 

On June 30, a ransomware attack hit the Fetal Diagnostic Institute of the Pacific (FDIP) in Honolulu, with the provider noting that more than 40,000 patient records were potentially compromised. The attackers accessed the patient data within FDIP systems on the organization’s servers. FDIP contracted with a cybersecurity company for recovery, noted Jessica Davis. They cleared the virus from the infrastructure and put defenses in place to stop the problem from occurring again. The incident points to common concerns regarding cybersecurity and HIPAA compliance.

While no breach is easy, the institute was well-prepared. They had backups stored externally, on a separate network with its own authentication. Because they had the information stored elsewhere as an exact copy, they did not need to pay a ransom to get the same data from the cybercriminals (a tactic that is often unsuccessful anyway).

Cybersecurity is fundamental to HIPAA – and backup is just one aspect of securing your IT environments. Beyond setting up defenses against intrusion, insiders also must be considered.

More Read

HIPAA Marketing Rule Guidance: Better Than Nothing
Sensors and Smartphones Bring the Baby Monitor Into 2013
Meaningful Use: Transforming Patient Engagement
Two Tools To Streamline Your Healthcare Social Media
Beyond the Buzz: A Guide to Analyzing Healthcare Hashtags

Why is digital security central to HIPAA?

Core to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) is the Security Rule. Short for the Security Standards for the Protection of Electronic Protected Health Information, this rule is best understood in light of the HIPAA Privacy Rule, which is the short form for the Standards for Privacy of Individually Identifiable Health Information. The Privacy Rule created national standards to make sure that confidential health data is properly protected. Using the Privacy Rule as its basis, the Security Rule specifically discusses the safeguards that must be put into place by organizations handling electronic protected health information (ePHI), which are of three types: administrative (e.g., risk assessments and training), physical (e.g., security cameras and ID checks, perhaps), and technical (e.g., virtual private networks and managed firewalls, perhaps).

Security of healthcare information – not just data – is the focus of HIPAA. For that reason, organizations handling PHI should be concerned with the findings of a Canadian study published in the spring (despite Canada not being governed by HIPAA). The research described an 18-month recycling audit of six teaching hospitals in which 2600 PII papers were found, with 1885 of them containing healthcare PII. These findings are a reminder that hard copies should not be neglected. Nonetheless, digital security is the central concern with HIPAA, especially given the the specific focus of the Security Rule.

Dealing with the insider threat

Your employees unfortunately pose a significant risk. Just take the example of Independence Blue Cross, an independent licensee of BlueCross BlueShield. Many of the agency’s policyholders had critical health data exposed because of an employee error at the Philadelphia-headquartered insurer. A file containing data on nearly 17,000 people – including patient names, dates of birth, provider information, and diagnostic codes – was uploaded by an employee to a public-facing website. It was accessible online from April 23 to July 20, when it was noticed and pulled from the site.

This situation is far from isolated. A poll run in collaboration between the Health Information and Management Systems Society (HIMSS) and identity governance firm SailPoint found that most IT staff members of healthcare entities see insiders as a more significant breach concern than outsiders. Backing up that concern, a study from Verizon found that more than half (58%) of health data breaches occurred because of insiders.

Training to increase healthcare cybersecurity

Employees can cause both large breaches and small ones. They can cause situations that are large in scope, like the incident in Philadelphia. They can also be responsible for more minor infractions, such as a nurse inappropriately mentioning a patient by name or looking at something they do not have a legitimate reason to access. To mitigate this risk, your staff must be trained on the essentials of HIPAA and on cybersecurity best practices.

Here is an outline of a standard HIPAA training curriculum:

Essentials on HIPAA and HIPAA compliance

  • Health Insurance Portability and Accountability Act of 1996 definition
  • How HIPAA applies in healthcare
  • Glossary of HIPAA-related jargon

HITECH

  • Health Information for Economic and Clinical Health Act of 2009 definition
  • How HITECH changed and broadened HIPAA regulations

Penalties

  • Fines
  • Prison time

PHI

  • Protected health information definition
  • Types of information that are considered PHI (e.g., social security numbers, dates of birth, and medical history)

Covered entities and compliance responsibilities

  • Covered entity definition
  • What is expected of covered entities related to personally identifiable health data
  • Types of organization that fall under the CE heading (e.g., healthcare data clearinghouses, hospitals, and insurance carriers)

Business associates

  • Business associate definition
  • The importance of the business associate agreement
  • Types of individuals and organizations that are BAs (e.g., consultancies, accountants, and data recovery companies)

Key rules

  • Privacy Rule description
  • Security Rule description
  • Breach Notification Rule description

Threats

  • Insider threats (including human error and malicious insider incidents)
  • Cybercriminal attack

Password policies

  • Your password policy
  • Multi-factor authentication (MFA) as an additional safeguard

Handling minors

  • The issue of legal guardianship
  • Possible decision not to disclose data (as with child abuse)

In Conclusion: Think Beyond Hacking

Cybersecurity is critical to maintaining HIPAA compliance – and cybersecurity requires you to look at internal threats as much as you do external ones. Through robust digital security and strong business associate relationships, in conjunction with a comprehensive training program, you can ensure you remain compliant and avoid the fallout of a breach.

TAGGED:cybersecuritydata securityHealthcare ProvidersHIPAAHIPAA complianceHIPAA securitypatient privacy
Share This Article
Facebook Copy Link Print
Share
By Brian Gill
Follow:
Brian Gill, CEO of Gillware Inc., is an entrepreneur, computer scientist and angel investor from Madison WI. He co-founded Gillware Data Recovery, one of the world’s most successful data recovery labs, in 2004 with his brother Tyler and PhD Greg Piefer. The trio, along with their business partners and Greg’s family, then founded Phoenix Nuclear Labs which currently manufactures the strongest compact neutron generators in the world. Brian was on the board of PNL when it was decided to spin off medical isotope startup SHINE Medical Technologies to tackle the Mo-99 crisis. Over 56,000 American patients are imaged every day and over 30 medical procedures require Mo-99, and as of 2018 0% of the world’s supply of Mo-99 is produced in the US. SHINE is on the verge of solving this problem. Brian also co-founded Gillware Data Services, a cloud SAAS and data analytics company which was acquired by StorageCraft in 2016. Most recently, he has teamed up with worldwide forensics thought leader Cindy Murphy to found Gillware Digital Forensics. These successes have allowed him to make over a dozen angel investments, most recently in Medaware Systems, Pacifica Labs and Allergy Amulet. He lives with his wife Kara and three sons in Middleton, WI.

Stay Connected

1.5kFollowersLike
4.5kFollowersFollow
2.8kFollowersPin
136kSubscribersSubscribe

Latest News

5 Steps to a Promising Career as a Healthcare Administrator
5 Steps to a Promising Career as a Healthcare Administrator
Health
July 31, 2025
holistic dental
Holistic Dentist Services Are Natural and Safe
Dental health Specialties
July 28, 2025
botox certification
Help Improve People’s Skin Health Via Botox Certification
Skin Specialties
July 22, 2025
Telemedicine Apps
Why Custom Telemedicine Apps Outperform Off‑the‑Shelf Solutions
Health
July 20, 2025

You Might also Like

The Connected Patient Is Here

December 22, 2014

How Big Data Hadoop Can Save Patients from a Crippling Healthcare System

July 28, 2014
Vancouver Convention Centre
eHealthTechnology

Big Distances Make the Case for Telemedicine: Recap from the Canadian E-Health Conference

June 15, 2014
eHealthMobile Health

Top 5 Ways Mobile Apps Are Impacting Health And Fitness Industries

August 28, 2019
Subscribe
Subscribe to our newsletter to get our newest articles instantly!
Follow US
© 2008-2025 HealthWorks Collective. All Rights Reserved.
  • About
  • Contact
  • Privacy
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?