Healthcare Data Security is More Than Just HIPAA
Nearly three-quarters of healthcare organizations have suffered some kind of data breach or security incident in the past 12 months and more than 19 million people have had their health information compromised since the breach notification rule went into effect.
Hospitals and other healthcare organizations can be fined up to $1.5 million per year for serious security incidents under the HITECH Act, but the full cost of a breach isn’t limited to these fines.
A breach also costs, on average, $215 per record just to identify and notify affected individuals, which is required by law. This doesn’t include the intangible costs of losing your clients’ trust and damaging your public reputation.
These statistics should put fear into the hearts of healthcare compliance and data security managers, but many still work under the assumption that being compliant also makes them secure.
To be better prepared, it is critical that healthcare organizations consider all aspects of data security in their day-to-day business operations from Electronic Medical Records (EMR) and equipment to the policies and procedures carried out by the staff.
Compliance should be thought of as the floor, while security is the ceiling.
With security in mind, healthcare organizations should consider:
- Developing up-to-date security strategies for mobile devices and other new technologies.
- Using multi-factor authentication for these devices.
- Using advanced network monitoring or hiring a Managed Security Services Provider (MSSP) to monitor their network for them.
- Hiring security experts to test the security of their systems and find vulnerabilities that need to be addressed. A Strategic Security Assessment can help your organization begin a holistic approach to cybersecurity.
- Developing policies and procedures to address security concerns.
- Purchasing cyber risk insurance.
With the right tools, expertise and vigilance, a healthcare organization can be both compliant and secure.
Call us at 865-244-3500 or email us at firstname.lastname@example.org and let us secure your future.