Although they vary in scale, data breaches are now more frequent than ever before. The TRICARE breach, the largest since the HIPAA breach notification rule came into effect, has been in the news for quite some time. Affecting 4.9 million beneficiaries of the military healthcare program, this breach attracted immediate and stringent legal action.
Three class action lawsuits have been filed over the breach. The first suit was filed against TRICARE by the law firm Shulman, Rogers, Gandal, Pordy & Ecker, demanding $1000 in damages for each of the 4.9 million beneficiaries affected by the breach. Two more lawsuits have since been filed, this time targeting Science Applications International Corp. (SAIC), a business associate of TRICARE that was involved in the breach. One of these was filed by attorney Richard Coffman and, like the first lawsuit against TRICARE, demands $4.9 billion in damages; the second was filed by two law firms seeking unspecified total damages on behalf of Californians affected by the breach.
These lawsuits clearly indicate the kind of action that is likely to follow every information breach or HIPAA violation. They should be taken as a strong warning to prevent security breaches and ensure regulatory compliance in your organization.
What can you do?
The first step is to assess the data security status of your organization. Find out how well your data is protected, evaluate the existing security and access protocols, and identify any vulnerabilities and gaps. Once the shortcomings are identified, adopt a security solution that integrates with your systems and ensures that security policies and protocols are actually followed. More often than not, it is not the absence of a security framework but the lack of an effective security system that leads to a breach. It is therefore crucial to find a solution that manages compliance and security end to end, from identifying the limitations in your systems to ensuring that your data is protected at all times.
SecureGRC offers this capability. It gives you the upper hand on security, governance, and compliance, and simplifies compliance and security monitoring and management by automating your security, compliance, audit, and risk management needs. With built-in, extensible support for HIPAA, PCI-DSS, SOX, ISO, COBIT and other compliance regulations, SecureGRC can help you steer clear of security breaches and the resulting penalties.