Noncompliance with Health Information Privacy and Accountability Act (HIPAA) regulations can have costly consequences for healthcare organizations. We’ve seen many healthcare providers paying multimillion-dollar settlements for HIPAA violations in the last few years.
While staying HIPAA-compliant is a priority for providers, new technology such as the Internet of Things (IoT) makes it increasingly challenging by adding new cybersecurity complexities.
As the DHS Office of Human Rights embarks on the new round of HIPAA compliance audits, you need to ensure the right strategies are in place for keeping patient data secure.
Emerging Technology Is Transforming Healthcare — But Not Without Risks
Some have called this the era of golden medicine, thanks to the unprecedented levels of patient care made possible by technology. Patients now expect and demand faster diagnoses, 24/7 communication with providers, convenient access to their records, and delivery of care anytime and anywhere they need it — rather than just in the traditional doctor’s office.
Innovative IoT applications make all this possible. Unfortunately, only recently the security of IoT devices has become a focus for manufacturers.
The security of many of the devices used in the healthcare setting has been addressed as an afterthought. Yet these devices could very easily become the weak link hackers exploit to penetrate a network and compromise patient data. This problem will only grow with the exponential growth of the IoT industry.
At the same time, healthcare information is highly valuable to cybercriminals — much more so than credit card data. As a result, healthcare organizations are increasingly becoming a target for bad actors. Many of the more recent breaches have served to drive this point home.
HIPAA Noncompliance Is Not a Light Matter
HIPAA violations can result in both criminal and civil penalties. The financial losses alone can be huge. Consider just a few examples from the last couple of years:
- A New York hospital paid a $4.8 million settlement after the information of nearly 7,000 individuals became accessible online;
- A California health system paid out $4 million when the records of 20,000 people were compromised;
- A Texas provider was fined $1.7 million after an unencrypted laptop was stolen.
In addition to penalties, violations could lead to the provider being excluded from the Medicare program — which for some organizations could mean a major loss of business.
Comprehensive Approach to Security Is No Longer Optional
To keep up with today’s threats, a comprehensive approach to security must integrate multiple layers of defenses. Tools that may have been optional in the past are now necessary. To balance innovation and security, a few key steps you should consider include:
- Multifactor authentication — to help prevent unauthorized access to data;
- Encryption — so that in the event of a breach, the data itself doesn’t become compromised;
- Mobile device management — with the growing trend of BYOD, a strong policy must be implemented and enforced.
Regulations such as HIPAA help protect patient privacy and security, and compliance will remain a priority for healthcare organizations. Fortunately, many providers are on track — but they need ongoing support from experts who understand the risks.
Xiologix can help you remain compliant by conducting regular risk assessments and recommending policies and solutions that address the latest threats.