Privacy and Security Diligence in 2017
The transition to a DJT administration should not have a significant immediate impact on HIPAA enforcement – but CISOs and CIOs are concerned because of the uncertainty. Currently, the OCR’s Federal Privacy Rule gives you rights over your health information and sets rules and limits on who can look at and receive your health information. The Privacy Rule applies to all forms of individuals’ protected health information, whether electronic, written, or oral. HIPAA gives you important rights to access – to obtain an electronic copy of your medical record and to keep your information private. Why is it so important to be diligent?
Per HHS, healthcare hacking rose 64% in the first 11 months of 2016.
The 2009 HITECH Act created a tidal wave of EHR implementations, consuming many IT departments’ capital budgets. This made it almost impossible to adequately protect patient data while at the same time advancing the IT environment. Healthcare organizations found themselves playing catch-up. Add to that wearable technology, “app” prescriptions, and the rise of fitness trackers, and there exists a potential security nightmare for hospitals and healthcare organizations in 2017.
The year ahead promises to be a busy one for those responsible for HIPAA compliance, as the Office of Civil Rights (OCR) continues to enforce compliance initiatives and address new questions.
Phase Two of OCR’s HIPAA audit program is currently underway. For this phase of the audit program, OCR is identifying pools of covered entities and business associates that represent a wide range of health care providers, health plans, health care clearinghouses and business associates.
The continuing audit program may uncover promising practices, or reasons why hacking and health information breaches are occurring. These audits will help OCR create more comprehensive tools for covered entities and business associates, and better protect identifiable health information.
Everyone has a role in securing and protecting health information.
The first step is understanding the risk. A risk assessment of your vulnerabilities is a good starting point. At Fogo Data Centers we take protected health information seriously. As healthcare attorneys, we understand the importance of secure cloud computing.
Call us today to assess your present strategy. Our hashtag is #KnowYourCloud. Providers are only as strong as the weakest link in the chain, which can be anything from ISPs to interoperable devices contained on their networks.
Let us help you avoid costly mistakes.