The Danger of Confusing Compliance for Security

60% of practices and businesses that declare a major breach file for bankruptcy within 6 months. -Larry Ponemon Institute, FBI Cybersecurity Bureau, 2016.

The Fatal Healthcare Security Mistake

The majority of healthcare organizations that suffer a security breach never saw it coming. They believed they were compliant and they believed that they were safe.

That’s just the thing, though. Being HIPAA compliant is absolutely crucial for a successful organization, but it won’t secure your organization from common security threats.

HIPAA compliance and PHI security are not the same, though unfortunately many healthcare providers make the detrimental mistake of assuming that the two are one and the same. While you should absolutely focus on compliance, in order to avoid a data breach and potential bankruptcy, your organization should also give equal attention to your PHI security.

Common Security Breaches

Security breaches happen every day to organizations both large and small. Nobody is intrinsically protected. News headlines are full of stories about healthcare organization breaches where identities are stolen, private records are made public, and damages run into the millions. All one needs to do is pop on over to the US Department of Health and Human Services website to see that the data breach list goes on for days:

  • Neurologic institute accidentally emails 10,000 patient records to 200 patients
  • 2200 physicians victims of ID theft/tax fraud
  • Billing Co. employee acquires 400+ identities from electronic medical records
  • Failure to apply fix to router results in compromise and loss of 4.5M records
  • International hacking group uses phishing then hacking to steal information on 80M people
  • Hacking of UCLA Medical nets 4.5 Million records, goes undetected for over 9 months
  • Etc., Etc., Etc.

Healthcare has become an easy target for data breaches and identity theft. To effectively secure your practice, it’s absolutely crucial to understand what it means to truly be secure, to know where your operation needs to focus its energy and where to be extra vigilant. Contrary to popular belief, written policies & procedures don’t equate to a proper security framework.

To learn more about the difference between HIPAA compliance and PHI security, and how to protect your organization, check out our free webinar, Compliance Is Not Security.
