Final 2023 statistics for security incidents that ended as HIPAA breaches are not in yet, but a review of the Office for Civil Rights (OCR) breach portal, better known as the HIPAA "Wall of Shame", is enough to remind any organization of the importance of taking steps to secure Protected Health Information (PHI).
Of the 47 breaches reported in the month of December, 39 were classified as Hacking/IT Incidents. So what have we learned? Not much, it appears, since the breaches continue to occur and threat actors continue down the same successful path of infiltrating organizations' networks and environments.
Securing PHI in any form is your responsibility as a Covered Entity or Business Associate. And the ONLY way to know the vulnerabilities, threats and risks to the business is to complete a Risk Analysis at least annually, then address the areas of weakness it identifies. That does not necessarily mean thousands of dollars must be spent to mitigate the risks. A few examples:
· Conduct in-house staff training regularly, reminding employees how to spot the "red flags" of email phishing attacks. Make the training fun and interactive.
· Designate a staff member on a weekly or monthly basis as the "HIPAA Police", checking that workstations are locked when an employee walks away, that desks are free of papers containing PHI or other sensitive data (a clean desk policy), and that medical records rooms and server rooms are locked at all times. Reward great staff behavior.
· When an employee is terminated, disable that individual's alarm code right away, or, if the code is shared by all staff, have it reset immediately. The same applies to the individual's user accounts, badges and remote-access credentials.
· Review vendors to ensure a Business Associate Agreement is in place (if they are a Business Associate), and confirm the vendor has no access to the organization's environment beyond what is absolutely necessary.
Awareness is key. Remember, we are ALL patients, and we all want our privacy protected.
HIPAA compliance isn’t a one-time checklist. It’s ongoing, programmatic in nature, and requires demonstrated reasonable diligence to stay in good standing with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). Anatomy IT can provide you peace of mind with our expert HIPAA compliance services. To learn more, contact us here.