Healthcare organizations need to reflect the revamped HIPAA Omnibus rules in their policies and procedures. Although the new rules cover various changes to the HIPAA Privacy, Security, and Breach Notification Rules, the most notable changes are to the individual rights that must be reflected in an entity’s HIPAA policies and Notice of Privacy Practices (NPPs). The new HIPAA policy covers new requirements for fundraising activity and a chance to opt out, new requirements for individuals to provide authorization for the sale of PHI, patient rights of access to electronic records, rights to limit certain disclosures, and rights of notice in the event of a breach. The updated rules are very stringent, and breaches are subject to enforcement that can include fines of up to $50,000 per day.
Although the new rules hold covered entities responsible for protecting patients' health information, some healthcare organizations are making the same mistakes again and again. Recently, AHMC Healthcare, a hospital in Alhambra, Calif., informed 729,000 patients that their PHI had been stolen following the theft of two unencrypted laptops. The AHMC hospital breach is apparently one of the major HIPAA privacy breaches reported in 2013 and the 11th biggest HIPAA breach to date. A recent survey shows that many healthcare organizations have been struggling to comply with HIPAA. In 2013, there was a 138 percent increase in personal health information breaches. The Office for Civil Rights has promised an increase in investigations and penalties for entities that have failed to take patient privacy seriously.
Protect your organization from Data Security Breaches with these tips:
- Conduct an annual HIPAA risk analysis to see whether your organization is compliant with the HIPAA Security Rule.
- Identify the vulnerabilities beforehand. Whether the change is an infrastructure enhancement, a new system deployment, organizational restructuring, or employee turnover, always assess security risk to identify the real vulnerabilities.
- Maintain encryption of data on all laptops and portable devices. The significance of data encryption cannot be denied. Since 2009, one third of all the HIPAA breaches have to do with unencrypted portable devices.
- Communicate the importance of security awareness to your employees. Educate your employees on IT security and its significance by providing them security awareness training.
- Hackers and cyber criminals can wreak havoc on your healthcare data. Health records, credit card information, and insurance details are areas of high value for cyber criminals, as they can be exploited for fraud, identity theft and other hoaxes.
- Avoid cyber crime by implementing quarterly vulnerability scanning and testing. Opt for internal and external penetration testing, which helps in exposing malicious attackers.