By Diane Evans
Want to know the best way to avoid a data breach? Understand why they happen.
An updated report on the U.S. Department of Health and Human Services' website confirms that carelessness and neglect remain the most common underlying causes of data breaches.
This has been a consistent finding since the 2013 overhaul of privacy and security regulations under the Health Insurance Portability and Accountability Act (HIPAA).
The obvious conclusion: Greater vigilance can prevent costly and disruptive data intrusions.
Sure, sophisticated cyber criminals are at work, and at times, culprits come from within. But amid such threats, healthcare executives have it within their power to put up strong defenses. That is accomplished through the implementation of proven practices that deter cybercrime.
Think of it this way: You secure your home to the best of your ability to prevent break-ins. But if you’re lax, and you leave a window open, you create an opportunity for thieves. The same applies to data systems. Organized crime rings thrive on weak or nonexistent defenses – such as software that hasn’t been updated, or poorly secured networks.
In the new federal report, the following are the underlying compliance issues most often alleged, in order of frequency:
1. Impermissible uses and disclosures of protected health information
2. Lack of safeguards of protected health information
3. Lack of patient access to their protected health information
4. Lack of administrative safeguards of electronic protected health information
5. Use or disclosure of more than the minimum necessary protected health information
Now one more question: Want to know where vigilance starts? Of course, it starts with top leadership prioritizing confidentiality – and the intentional work of upholding the trust that people have placed in a given organization.
About the author
Diane Evans is founder of Guarded Edge, which offers training and an in-house implementation plan for compliance with the Health Insurance Portability and Accountability Act (HIPAA) within long-term care. Diane can be reached at devans@guardededge.com. She has offered accredited training for state and national organizations, including the Health Care Compliance Association and the Cleveland Metropolitan Bar Association.