April is AHIMA Privacy and Security Month, a great opportunity to keep confidentiality and security on everyone’s radar. The American Health Information Management Association (AHIMA) states, “The Privacy Rule sets the floor providing baseline requirements to preserve the overall confidentiality of protected health information (PHI) regardless of type (e.g. verbal, paper, electronic). The Security Rule applies only to protected health information in electronic form.”
(source: http://www.ahima.org/topics/psc)
A recent IBM report found that 2016 was a historic year for data breaches, but cyber criminals became more focused on financial services than healthcare. Twelve million records were compromised in healthcare in 2016, which kept it out of the top five most-breached industries. According to IBM, ransomware attacks in 2016 were also accompanied by a 400 percent increase in spam, with nearly 44 percent of spam carrying malicious attachments.
Even though the numbers show that cyber criminals were focused on other sectors, ransomware attacks are increasingly a key data security issue for the healthcare industry. Overall, cybersecurity attacks have become a larger threat to the healthcare sector, and providers need to take a proactive approach to protecting their information assets.
(source: http://healthitsecurity.com/news/2016-record-data-breach-year-attackers-less-healthcare-focused)
As cyber-attacks and breaches continue to stress the need for the privacy, security, and confidentiality of health information, each and every person in healthcare needs to do their part to make sure that sensitive healthcare data are kept safe and secure. That’s why our professionals at Primeau Consulting Group are on a mission to develop and implement policies and procedures to protect privacy and access to patient health information.
If you leave your home with the windows and front door open, you might invite in an unwelcome intruder. It’s the same with digital data. If you use mobile devices or online systems and accounts without strong protection, you leave the door open for cyber criminals who might intrude into your system.
By understanding the basics of what constitutes a HIPAA data breach, your healthcare organization will be able to create comprehensive data security plans tailored to your own daily operations. The three key factors are:
- Prepare yourself with the latest cybersecurity best practices
- Stay ahead of emerging threats
- Fine-tune your compliance house
Cyber criminals will continue to target healthcare. Don’t take the risk. Organizations with updated systems, a good defense strategy, advanced detection capabilities, precise policies and procedures, and trained, aware staff have a much better chance against cyber-attacks.
Celebrate Privacy and Security Month with us! We can help covered entities and their business associates understand the basics of how HIPAA data breaches are determined, and what you can do to keep data secure. Organizations that don’t implement a solid Privacy & Security Management Program are taking a big risk. Don’t leave the door open for cyber-attacks and breaches. Keep them out.