A recent federal list announced that there have been serious health information breaches that affected nearly 8.3 million people since September 2009. With 3 government agencies looking into Health Net breaches, including the case of 9 missing server drives from a California data center that was managed by IBM, the gravity of the situation cannot be stressed enough. The Office of Civil Rights, which generally adds such breaches to its official list upon confirmation of details, has not yet added the Health Net breaches. As per the final version of the breach notification rule, all breaches affecting 500 individuals or more should be reported to OCR, including the people who are affected by the breach, and this should be done within 60 days.
More than 50% of the major health breaches that have been reported concern either the loss or the theft of computer devices. This has underlined the need to deploy encryption on laptops and similar devices. The Health Net breach incidents, on the other hand, put the focus on ways and means to protect storage media effectively. The OCR is doing its best to get all healthcare providers to abide by HIPAA / HITECH compliance requirements; in fact, it has even requested increased funding to ensure enhanced enforcement efforts. But the fact remains that the onus to meet all the compliance measures rests on the healthcare providers themselves. There is likely to be an addition to the HITECH breach notification rule sometime later this year, which would ensure that doubts about what kind of security breaches should be reported are resolved and the requirements laid out clearly.
Recently Cignet Health and Massachusetts General Hospital were slapped with severe penalties. The increasing incidence of security breaches is indeed alarming; small businesses need to equip themselves with a solution that can help them address such breaches efficiently. SecureGRC SB, a solution that is provided on the cloud, can fulfill all HIPAA / HITECH compliance requirements pertaining to small businesses. With its central repository for all documentation pertaining to HIPAA, it can send reminders to ensure compliance regulations are maintained and can ensure that complete track records of business associates are kept.
More often than not, small healthcare providers cannot afford costly solutions, nor can they pay the hefty penalties for any non-compliance issues. The best option for such businesses is to opt for an IT healthcare compliance solution that is not only economical and accurate, but also assists them in meeting all the healthcare compliance requirements efficiently. And with SecureGRC SB, small healthcare providers can easily say an emphatic no to health breaches!