Healthcare thought-leadership

HIPAA Compliance Checklist – Pitfalls to Avoid

For a healthcare organization to be HIPAA compliant it needs to ensure that the right controls are in place to protect the privacy of patient information. This means that controls are provided to ensure that sensitive patient information is not left visible to non-relevant parties and that the exchange of information between practitioners follows HIPAA standards of encryption and access control.

While these standards seem straight forward, it is important to note that HIPAA was established before cyber security threats became the issue they are today. Cyber security threats continue to plague hospitals and expose them to HIPAA fines. Perhaps the best way for institutions to protect themselves from attacks and gain the upper hand against would be attackers is to maintain constant vigilance.

The cost of failing to maintain vigilance is substantial. HIPAA violations can result in substantial fines to a practice ranging from $100 to $1.5 million. Indeed, in 2016 Hollywood Presbyterian Medical Center (HPMC) had to pay $17,000 after a ransomware attack, which encrypted its EHR and demanded the sum of money in exchange for the encryption key.

This ebook will look to highlight 5 points that healthcare organizations can embrace to improve their chances of remaining HIPAA compliant and vigilant about network security. Healthcare organizations work to improve their ability to thwart attackers and defend themselves against intrusions by attackers. By starting with some straight forward actions , healthcare organizations will dramatically improve their protection against threats and hacks.

HIPAA Compliance Checklist – Pitfalls to Avoid #1 : Texting of patient information

Texting patient information such as test results or images is an easy way that providers can relay information to their colleagues quickly. While it may seem harmless, it potentially places patient data in the hands of cyber criminals who could easily access this information. Additionally, using standard texting capabilities on a smartphone constitutes a major HIPAA violation.

In 2014, a medical resident treating a North Carolina nursing home patient asked a nurse to text the lab results. As a result, the facility ended up paying a high price for using this inherently insecure messaging medium. The Centers for Medicare & Medicaid Services (CMS) gave the nursing facility an “e-level deficiency,” meaning there was “no actual harm but potential for more than minimal harm

While the case of the facility in North Carolina did not enable sensitive information to end up in the hands of criminals, it does demonstrate the ease with which a HIPAA violation can be incurred.

HIPAA Compliance Checklist – Pitfalls to Avoid #2 : Inability to wipe lost or stolen devices

Accellion reported that 68% of healthcare security breaches were due to the loss or theft of personal mobile devices or files. Indeed, mobile devices are the most vulnerable to theft because of their size.

The impact of this theft should not be minimized as theft of PHI (protected health information) through lost or stolen laptops, desktops, smartphones, and other devices that contain patient information can result in HIPAA fines.

By not having a procedure in place to remotely wipe a smartphone of relevant patient information, hospitals are placing themselves at serious risk. As noted, loss or theft are more common than institutions would like. As such, they cannot ignore the need to have procedures in place to manage the situation effectively.

Necessary safeguards should be put into place such as password protected authorization and encryption to access patient-specific information. Ideally, the smartphone devices that practitioners are exchanging patient information on will provide administrators with the proper technology to wipe the smartphones if lost or stolen.

To read the rest of the pitfalls read our e-book

Shawn Lazarus

Share
Published by
Shawn Lazarus

Recent Posts

Beginner’s Guide to Kubernetes Troubleshooting

What Is Kubernetes Troubleshooting?  Kubernetes troubleshooting is a critical skill for developers and system administrators…

3 weeks ago

Why EHR Secure Chats Don’t Cut It: Top 10 Reasons

EHR Secure Chats - Yay or Nay Electronic Health Records (EHRs) have evolved from mere…

1 month ago

Empresa de serviços de helicóptero melhora a resposta a incidentes em 90 por cento com OnPage BlastIT

A comunicação eficiente da equipe requer o conjunto adequado de ferramentas e processos, garantindo que…

2 months ago

Empresa líder global em transporte aéreo escolhe OnPage

OnPage anunciou hoje que uma das maiores empresas de serviços de helicóptero e transporte aéreo…

2 months ago

7 Key Takeaways from HIMSS 2024

  Introduction: The Healthcare Information and Management Systems Society (HIMSS) conference serves as a beacon…

2 months ago

Replace Imprivata Cortext with OnPage

Introduction Healthcare organizations require a secure clinical communication and collaboration system that ensures care teams…

2 months ago