6.21 Start of Breach Season

Improving Patient Outcomes through Technology
June 28th, 2018
Summertime Notorious for Increased Data Breaches
 
In 2016 there were a recorded 10.88 million breaches in June alone. This was closely followed by a recorded 9.1 million breaches for the month of August. What this means is that it is the time of year when you need to review your organization's practices when it comes to IT and cyber security.
 
The HIPAA Breach Rule has specific guidelines for reporting breaches within a certain time frame so that they can be both assessed and rectified. Something small, like a medical record faxed to the wrong number, is easily fixable: shred it, notify all parties involved, and get proof the record was destroyed. But there are more complex matters that need resolution, like a firewall with appropriate Intrusion Prevention (or Detection) Service.
 
Items specific to cybersecurity are what typically fall through the cracks, so much so that in 2017 80% of offices planned to increase the budget for IT needs.  The federal government allocates 16% of its budget to cyber security, and in 2016 it is reported that the health care industry on average only spends 6% or even less on cyber security!  
 
 
With health care as the number one target for hacks, this dichotomy spells trouble.
 
With 1 in 4 offices not having the proper safeguards in place to prevent HIPAA violations, it becomes an expensive problem for everyone.
 
MD Anderson Cancer Center in Houston was just cited with $4.3MM in fines for having 3 unencrypted devices.
 
The current limit for HIPAA fines is $1.5 million per year, or $50,000 per instance on an identical violation, but fines can jump higher if “Willful neglect” is proven, which it was in the MD Anderson case.
 
The worse news is that if OCR (the Office of Civil Rights), which enforces HIPAA rules, finds it was a willful act, meaning you knew it was a violation but let it happen anyway, jail time can be added: 1 year for not knowing, and up to 10 years if you knowingly sell patient information.
 
As daunting as maintaining compliance seems, it can be easy to keep within HIPAA standards at your organization:

   • Be familiar with HIPAA, or
   • Work with a partner that is.

Specific and practical working knowledge of the HIPAA Rules which deal with technology used in health care is essential.
 

A robust security platform like EverShield should include:


   • Secure remote access to critical applications on a secure private network.
 
   • A BAA (Business Associate Agreement).
 
   • Multiple communications modalities within one app to avoid user errors.
 
   • Data not stored or cached in third party data centers without a BAA in place.
 
   • Encryption for data in transit and data at rest.
   • Ability to meet state by state HIPAA data retention requirements.
 
These are just a few of the requirements to comply with the Security Rule.
Not sure how to get started?  Email us to receive the 2018 Benefits of Secure Communications now!
Asgard Managed Services welcomes your feedback
to reach us call: 888-941-9941 or
email us at info@myevershield.com or
visit us at: www.myevershield.com
Copyright 2018 Asgard Managed Services – All Rights Reserved