Despite advances in security technology and increased governmental cybersecurity initiatives, attackers will not abandon their pursuit of unprotected patient data.
According to the Identity Theft Resource Center, this past year healthcare entities accounted for 27.4% of reported data breaches.
It's clear that the healthcare industry is less prepared for HIPAA compliance than patients expect. HIPAA compliance, especially with the Security Rule, has never been more necessary, as the value of patient data continues to rise on the dark web.
To help organizations protect themselves, SecurityMetrics has released the 2018 Guide to HIPAA Compliance. With new survey data from over 300 healthcare professionals, insights and tips from HIPAA security analysts, recent case studies, and recommended best practices, this 135-page guide will serve as a comprehensive reference to help practice managers, IT teams, doctors, CEOs, and others understand HIPAA compliance, become compliant with applicable HIPAA requirements, and protect patient data and privacy.
In 2017, SecurityMetrics conducted 4 surveys based on the Department of Health and Human Services' (HHS) Health Insurance Portability and Accountability Act (HIPAA). These surveys were intended to analyze various aspects specific to HIPAA's Security, Breach Notification, and Privacy Rules. Over 300 healthcare professionals responsible for HIPAA compliance at their organizations responded. Here are a few examples of the responses, which shed light on organizational security habits in areas like HIPAA training, risk analysis, and encryption:
- 26% of organizations do not conduct a formal risk analysis
- 16% of organizations report they send emails with unencrypted patient data
- Only 34% of organizations train employees on the HIPAA Breach Notification Rule
"Our guide was specifically created to help covered entities and business associates address the most problematic issues within HIPAA compliance," says Brand Barney.
The new guide focuses on important elements from the HIPAA Privacy, Breach Notification, and Security Rules, including:
- Incident response plans
- PHI encryption
- Business associate agreements
- Mobile device security
- HIPAA-compliant emails
- Remote access
- Vulnerability scanning
- Penetration testing
It also includes a new section called "How to Read this Guide," intended to direct readers of all HIPAA knowledge and experience levels to the sections of the guide that will be most relevant and useful for them.
Whether the reader is a new employee with limited HIPAA knowledge or an experienced system administrator, SecurityMetrics hopes this guide will ultimately help organizations secure their environment, become compliant with applicable HIPAA requirements, and protect patient data and privacy.