While the Health Information Portability and Accountability Act (HIPAA) has been in place for years, healthcare providers are still debating their need for compliance. One pervasive misconception is that conducting a HIPAA security risk analysis is optional for small providers. The fact is that every health practice is subject to HIPAA security compliance, including regular assessments of security risk. Here are four compelling reasons to update your HIPAA security practices, sooner rather than later.
1) Healthcare is Under Attack
Security experts report, that healthcare has overtaken financial services as hackers’ number one target. As the dark web’s exploitation of healthcare data grows in scale and velocity, attacks on poorly prepared providers will only continue to worsen.
2) Providers Don’t Update
Price Waterhouse Coopers named cybersecurity to their top ten list of issues the healthcare industry must address in 2016. Healthcare’s investment in data and technology protection has not kept pace with increasing cyber-risk. Not surprisingly, smaller organizations are most in need of cybersecurity updates.
3) Compliance Isn’t Optional
Historically, small to mid-size organizations have avoided the scrutiny of HIPAA’s primary enforcer: the Department of Health and Human Services (HHS) Office of Civil Rights (OCR).
This has changed with new rulings on OCR authority, however. Healthcare legal specialist Lowenstein Sandler warns that OCR has amped up its resolve to enforce regulatory compliance at every level.
Audits are already on the rise and the number of fines is escalating. OCR has issued a statement warning that “every covered entity…is eligible for an audit,” thus, Lowenstein Sandler recommends all who are subject to HIPAA laws to “revisit their compliance policies before they receive an OCR letter.”
4) The Public is Watching
Consumer Reports lists secure technology as one of the top ten factors consumers should consider when choosing a healthcare provider and 40% of consumers surveyed indicate they would hesitate using or abandon a health organization that experiences a data breach. HIPAA security compliance reassures patients that your organization can be trusted to keep medical data private and IoT-enabled medical devices safe from malicious access.
Ultimately, maintaining compliance makes your health-related business more competitive, and through upgraded practices and technology, more efficient and productive; it also benefits everyone who’s connected with it, including patients, partners and employees. Find complete compliance information at the HHS.gov website.