With the release of the Omnibus HIPAA privacy and security rule on January 17th this year, the health information security landscape is set to experience some major changes. Healthcare entities are facing the immediate need to conduct risk assessments and testing to meet HIPAA compliance requirements. While more audits and increased penalties for non-compliance are likely, healthcare providers, their business associates and subcontractors are busy preparing themselves to tackle this new challenge.
Although the final HIPAA rule is viewed as the beginning of a much-needed push towards health information security and privacy protection, for healthcare entities and their business partners this is clearly a change that is most likely to affect their information technology ecosystem. Most CIOs are now leaving no stone unturned in the search for feasible and efficient means to protect health data to the fullest extent. The possibility of breaches of data-at-rest, caused by loss or theft of mobile devices, seems to be the worst nightmare for most healthcare providers today. Moreover, the fact that monetary penalties and legal action are no longer restricted to massive data breaches adds to their worry.
While some of these vulnerabilities stem from the use of technology, operational and people-related processes also pose a major risk, and overcoming this risk is possible only through better education, training, and change management. Security experts believe that healthcare organizations are often in a hurry to adopt new technology, and in doing so they often ignore the long-term problems in managing risk. It’s therefore crucial to first understand the risks associated with new technology and adopt appropriate security measures to mitigate them.
Other than complying with HIPAA, healthcare entities and their business partners have to ensure security of data-at-rest, data in the cloud, and also manage information sharing as well as data on mobile devices. They have to provide patients with secure access to their health records while managing risks and creating employee awareness through training programs. Aegify Security Posture Management and Aegify SecureGRC are platforms designed to meet these specific needs. These platforms can come in handy at this crucial time when healthcare entities, their business associates and subcontractors are expected to take immediate action to completely protect health data and to comply with the requirements of HIPAA.
Health information security is the most discussed topic in the healthcare industry today. There is widespread action in the healthcare industry to overcome data security threats and prevent data breaches. The National HealthTech Council and some leading action groups are to convene at the HealthTech Meeting to be held on April 21-23 in Chicago to join hands with industry-leading solution providers. The aim is to discuss the new policies and to come up with the kinds of solutions that are in high demand. At this upcoming meeting, industry experts are to lead roundtable strategy sessions on topics such as “The Mobile Revolution: Remote Care without Compromising Security and Quality”, “Operational Risk Management: People, Process, Technology”, and “Help, My Data Has Been Breached!: Insights on Threat Prevention, Detection, Response”. These sessions are likely to bring out the best practices and lessons learned by healthcare providers. Some of the most important topics that affect the sphere of healthcare information security will also be discussed. The healthcare industry is clearly preparing for a much more risk-free and compliant future.