They were surprised, and you likely will be, too. Of the hundreds of healthcare organizations I’ve helped document HIPAA and meet compliance requirements, most are unaware that their Patient Health Information (PHI) is exposed in some way. If a cyber attacker took advantage of this situation, it could cause damage to your patients, bring giant HIPAA fines, and cause a loss of reputation.
Patient data can be stored in unlikely or unnoticed places. Here are a few hiding places I’ve helped organizations identify:
These opportunities for exposed PHI are not surprises for the Department of Health & Human Services’ Office for Civil Rights (OCR). That’s why they require a true Healthcare Security Risk Analysis, which includes a thorough risk assessment of patient data, review of policies and procedures, employee interviews for a HIPAA-HITECH audit, an analysis of operational threats, and more. And, remember, any business associate who comes in contact with your patient data is also accountable for protecting it. You have a responsibility to make sure those associates are also diligently protecting your PHI.
Robbie Morris is TekLinks' VP of Healthcare and Security Solution Services. Contact him at info@teklinks.com.