You want to be HIPAA-compliant? You need to perform a risk assessment with the help of a Certified HIPAA Professional (CHP).
It's impossible to watch the news without weekly revelations of some new data breach – Target, Equifax, the WannaCry ransomware, and even teddy bears have been in the news.
As cybercrime continues to pay, attacks and breaches will continue and will especially affect unprepared businesses.
One industry is squarely in the crosshairs of hackers – healthcare.
Healthcare providers, payers, clearinghouses, and business associates and their subcontractors all must comply with HIPAA.
There is no HIPAA-in-a-box solution!
There are technologies that can help you implement your HIPAA-compliance strategy, but you can't buy HIPAA compliance.
And breaches that affect patients are starting to cause real pain for organizations. A quick look at the Healthcare IT News site reveals a growing number of fines, including a $2.5 million fine for CardioNet. A stolen laptop from an employee's car contained data for 1,391 patients. The company had not implemented – or even completed – plans for safeguarding protected health information (PHI).
Do you have $2.5 million to spare for a fine, when the policies that would have prevented it could be implemented for less than that?
Many companies don't know how much risk they carry – a lot? Hardly any? Somewhere in between?
That's why a cybersecurity assessment is so useful. By discovering the gaps and cracks in your security, and the ways protected health information (PHI) could be lost to a data breach, you can prioritize and take steps to present a nearly impenetrable wall to hackers. (I say “nearly” because there is no such thing as 100% information security, regardless of what advertising and marketing might try to convince you of.)
How important is assessing risk? The HIPAA Security Rule mandates it: “Organizations must conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of its electronic PHI.”
This isn't just an exercise performed on paper or whiteboards; a technical review must also be completed.
ecfirst, a provider of compliance and security training and solutions, outlines seven steps to enterprise HIPAA compliance:
The first step is to gather documentation (a partial list includes):
Great, you're thinking. What specifically do I need to assess? Here's a list:
I know; the preceding is an intimidating list, but a Datamax Certified HIPAA Professional (CHP) can most certainly help!