For the last eighteen months or so, media coverage of healthcare hasn’t been focused so much on HIPAA regulations, but on the cybersecurity strength protecting healthcare data. Yet HIPAA’s Privacy and Security regulations remain the source from which all other privacy and security regulations, certifications and aspirations spring.
Each “next thing” ups the ante, building on fundamental HIPAA requirements. Years ago, HITECH pushed healthcare’s electronic records adoption and expanded both ePHI protection and non-compliance liability. Today’s HITRUST framework builds upon both, increasing the stakes and setting higher standards. In fact, without a strong HIPAA-based information security and compliance program, companies may find HITRUST’s strict criteria for certification out of reach. To help answer questions about the HIPAA regulations and what they cover, we put together a list of frequently asked questions.
HIPAA and healthcare policy are inextricably linked. HHS / OCR HIPAA audits and post-breach investigations focus on where organizations fall short with HIPAA Privacy and Security compliance. Ransomware attacks only highlight the need for HIPAA compliance and a strong compliance program. Although the cyber-threat makes everyone anxious, it’s important to not let it become the bright shiny object (or the dark dastardly one) that distracts us from the big compliance picture.
Some may feel that the focus needs to home in on cybersecurity, and that HIPAA can be vague and doesn’t do enough. Maybe so. But building successful security measures into your organization means entrenching healthcare data privacy and security into your culture. You need to build a culture of security from the bottom up, which means, to start, complying with HIPAA requirements, improving accountability for security flaws and mitigating breach risk.
Finally, there’s a non-regulatory, non-policy reason to keep HIPAA requirements near and dear to business operations: patient perception. Ransomware scares hit patients’ fear button hard. With the continued increase in the number of patient health records compromised, building patient trust is growing in importance. Patients are fearful that their healthcare information will suddenly be up for auction, and fearful that the medical devices that help deliver care could be compromised. Being able to reassure your patients (and your clients, if you’re a third-party digital partner) that you’re following HIPAA’s rules and regulations is one way to start assuaging those fears. It will go a long way and won’t hurt your reputation in the marketplace either.
Are you interested in learning more about how Ostendio's MyVCM can help you maintain your HIPAA compliance? Contact us today for a complimentary evaluation with one of our security experts.
Not sure where to start?
The NIST Guide can help. We can also provide you with a free copy of Ostendio’s password policy, as an example. Just contact us at firstname.lastname@example.org.