Cybersecurity And HIPAA Compliance Go Hand In Hand: Here’s Why

Brian Gill
Last updated: 2018/11/29 at 8:01 PM

On June 30, a ransomware attack hit the Fetal Diagnostic Institute of the Pacific (FDIP) in Honolulu, with the provider noting that more than 40,000 patient records were potentially compromised. The attackers accessed the patient data within FDIP systems on the organization’s servers. FDIP contracted with a cybersecurity company for recovery, noted Jessica Davis. They cleared the virus from the infrastructure and put defenses in place to stop the problem from occurring again. The incident points to common concerns regarding cybersecurity and HIPAA compliance.

While no breach is easy, the institute was well-prepared. They had backups stored externally, on a separate network with its own authentication. Because they had the information stored elsewhere as an exact copy, they did not need to pay a ransom to get the same data from the cybercriminals (a tactic that is often unsuccessful anyway).

Cybersecurity is fundamental to HIPAA – and backup is just one aspect of securing your IT environments. Beyond setting up defenses against intrusion, insiders also must be considered.

Why is digital security central to HIPAA?

Core to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) is the Security Rule. Its full name is the Security Standards for the Protection of Electronic Protected Health Information, and it is best understood in light of the HIPAA Privacy Rule (in full, the Standards for Privacy of Individually Identifiable Health Information). The Privacy Rule created national standards to make sure that confidential health data is properly protected. Using the Privacy Rule as its basis, the Security Rule specifies the safeguards that organizations handling electronic protected health information (ePHI) must put into place. These safeguards are of three types: administrative (e.g., risk assessments and training), physical (e.g., security cameras and ID checks), and technical (e.g., virtual private networks and managed firewalls).

Security of healthcare information – not just data – is the focus of HIPAA. For that reason, organizations handling PHI should be concerned with the findings of a Canadian study published in the spring (despite Canada not being governed by HIPAA). The research described an 18-month recycling audit of six teaching hospitals in which 2600 PII papers were found, with 1885 of them containing healthcare PII. These findings are a reminder that hard copies should not be neglected. Nonetheless, digital security is the central concern with HIPAA, especially given the specific focus of the Security Rule.

Dealing with the insider threat

Your employees unfortunately pose a significant risk. Just take the example of Independence Blue Cross, an independent licensee of BlueCross BlueShield. Many of the agency’s policyholders had critical health data exposed because of an employee error at the Philadelphia-headquartered insurer. A file containing data on nearly 17,000 people – including patient names, dates of birth, provider information, and diagnostic codes – was uploaded by an employee to a public-facing website. It was accessible online from April 23 to July 20, when it was noticed and pulled from the site.

This situation is far from isolated. A poll run in collaboration between the Health Information and Management Systems Society (HIMSS) and identity governance firm SailPoint found that most IT staff members of healthcare entities see insiders as a more significant breach concern than outsiders. Backing up that concern, a study from Verizon found that more than half (58%) of health data breaches occurred because of insiders.

Training to increase healthcare cybersecurity

Employees can cause both large breaches and small ones. They can cause situations that are large in scope, like the incident in Philadelphia. They can also be responsible for more minor infractions, such as a nurse inappropriately mentioning a patient by name or looking at something they do not have a legitimate reason to access. To mitigate this risk, your staff must be trained on the essentials of HIPAA and on cybersecurity best practices.

Here is an outline of a standard HIPAA training curriculum:

Essentials on HIPAA and HIPAA compliance

  • Health Insurance Portability and Accountability Act of 1996 definition
  • How HIPAA applies in healthcare
  • Glossary of HIPAA-related jargon

HITECH

  • Health Information Technology for Economic and Clinical Health Act of 2009 definition
  • How HITECH changed and broadened HIPAA regulations

Penalties

  • Fines
  • Prison time

PHI

  • Protected health information definition
  • Types of information that are considered PHI (e.g., social security numbers, dates of birth, and medical history)

Covered entities and compliance responsibilities

  • Covered entity definition
  • What is expected of covered entities related to personally identifiable health data
  • Types of organizations that fall under the CE heading (e.g., healthcare data clearinghouses, hospitals, and insurance carriers)

Business associates

  • Business associate definition
  • The importance of the business associate agreement
  • Types of individuals and organizations that are BAs (e.g., consultancies, accountants, and data recovery companies)

Key rules

  • Privacy Rule description
  • Security Rule description
  • Breach Notification Rule description

Threats

  • Insider threats (including human error and malicious insider incidents)
  • Cybercriminal attack

Password policies

  • Your password policy
  • Multi-factor authentication (MFA) as an additional safeguard

Handling minors

  • The issue of legal guardianship
  • Possible decision not to disclose data (as with child abuse)

In Conclusion: Think Beyond Hacking

Cybersecurity is critical to maintaining HIPAA compliance – and cybersecurity requires you to look at internal threats as much as you do external ones. Through robust digital security and strong business associate relationships, in conjunction with a comprehensive training program, you can ensure you remain compliant and avoid the fallout of a breach.

By Brian Gill
Brian Gill, CEO of Gillware Inc., is an entrepreneur, computer scientist and angel investor from Madison WI. He co-founded Gillware Data Recovery, one of the world’s most successful data recovery labs, in 2004 with his brother Tyler and PhD Greg Piefer. The trio, along with their business partners and Greg’s family, then founded Phoenix Nuclear Labs which currently manufactures the strongest compact neutron generators in the world. Brian was on the board of PNL when it was decided to spin off medical isotope startup SHINE Medical Technologies to tackle the Mo-99 crisis. Over 56,000 American patients are imaged every day and over 30 medical procedures require Mo-99, and as of 2018 0% of the world’s supply of Mo-99 is produced in the US. SHINE is on the verge of solving this problem. Brian also co-founded Gillware Data Services, a cloud SAAS and data analytics company which was acquired by StorageCraft in 2016. Most recently, he has teamed up with worldwide forensics thought leader Cindy Murphy to found Gillware Digital Forensics. These successes have allowed him to make over a dozen angel investments, most recently in Medaware Systems, Pacifica Labs and Allergy Amulet. He lives with his wife Kara and three sons in Middleton, WI.