Don't End Up on HIPAA's Wall of Shame

Aug 15, 2019

The Breach Notification Rule is part of the Health Information Technology for Economic and Clinical Health Act (HITECH) that was signed into law in 2009. This law states that Covered Entities and Business Associates are required to report HIPAA cybersecurity breaches of unsecured protected health information (PHI) affecting 500 or more individuals to the U.S. Department of Health and Human Services (HHS). As part of the effort to make this information available to the public, the HHS created the Breach Portal on its website, which is updated every month and has come to be known as HIPAA’s Wall of Shame.

The list provides a summary of data breaches, including the name of the covered entity, covered entity type, number of affected parties, breach type and location (e.g., server, email, electronic medical record).

Healthcare providers should pay close attention, because according to the HIPAA Journal, June 2019 saw a 73.6% increase in the number of health records exposed in data breaches, and of course, you don’t want your organization to end up on the Wall of Shame!

What’s a breach?
According to the HHS, a breach is an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the PHI.

Being on the naughty list costs much more than penalty fines

Aside from the fact that providers can be subject to fines of up to $1.5 million for falling victim to a data breach, your patients and clients lose their personal security, affecting your company’s credibility and integrity. According to June’s Healthcare Data Breach Report, the main causes of healthcare data breaches were hacking and IT incidents, as well as unauthorized access/disclosure incidents, which accounted for 83% of all breaches reported.

How can you avoid falling victim to these cybersecurity breaches?

  • Be proactive: In accordance with the HIPAA Privacy and Security Rules, it is required that Security and Privacy Assessments are performed annually. This practice helps you identify threats and discover vulnerabilities within your system. In order to do this, bring in top professionals who specialize in IT Policy and determine the security strategy that best aligns with your company’s objectives.
  • Provide annual HIPAA education to employees: It is vital to keep everyone educated regarding current HIPAA rules and regulations. Education is key to giving your employees the necessary tools to protect against cybersecurity threats and to ensure best practices are followed.

It is important to learn from the Wall of Shame in order to avoid landing there yourself, and most importantly to protect your company and your patients.

Contact us for more information regarding Cybersecurity and Compliance Readiness. Intervoice can help you protect your most valuable asset: your data. With 30 years of technology leadership we can provide the top-notch talent that your company needs to keep your information safe.  
