Late to the HIPAA Compliance Security Table
by Donna Koger, 6.29.17 (with a little input from Leigh-Ann Renz)
Many healthcare IT specialists are reporting that healthcare (including mental + behavioral health) is later to the HIPAA compliance security table than other industries, such as finance and even government. Our industry suffered the second highest number of security incidents in the services organizations in 2016. This was highlighted just this week by a ransomware attack that affected large corporations like Merck - and even smaller mental health EHRs.
To answer that question, a free report by Symantec, the Internet Security Threat Report (ISTR), for healthcare includes the following findings:
- More planned and targeted attacks, including more ransomware, impacting healthcare through an increase in smaller incidents.
- A growing understanding that the risk is not just about client data, but about client care delivery, and potentially, even about client health itself.
Even though many in healthcare are spending more on IT, it is still not enough to say healthcare is moving at a fast pace toward HIPAA compliance and by extension protecting themselves from sophisticated and targeted attacks.
What Can You Do?
Check out this detailed article by Rob Reinhardt about how to maintain data security for mental + behavioral health care providers. We also have tons of practical how-to articles on our HIPAA Compliance blog. Click here to learn about ransomware attack prevention and recovery from a healthcare sector perspective, including the role HIPAA plays in helping organizations prevent and recover from attacks.
Clearly, it is not enough to be HIPAA compliant, IT security must be an equal requirement to compliance rather than merely an extension of it.
HITECH (Health Information Technology for Economic and Clinical Health) ISTR Report. http://www.hitechanswers.net/
Find more complimentary resources in our HIPAA Resource Center.
Our Most Popular Posts:
OMG HIPAA Compliance Key
2016 HIPAA Audit Series
Disaster Backup Plan: Are You Prepared?
HIPAA Compliance in a Nutshell
HIPAA Email Guidelines
Donna Koger is currently the HIPAA Compliance Officer and materials developer for software training and support at Smoky Mountain Information Systems, home of PIMSY EHR. Ms. Koger is also a regular contributor to the PIMSY EHR Blog.