As the next round of HIPAA audits continues, many healthcare organizations and their business associates are understandably concerned that while they are doing everything in their power to maintain HIPAA/HITECH compliance, their level of protection against cyberattacks and data breaches isn’t enough. Every day, it seems more covered entities and their business associates are subject to devastating fines, sanctions and OCR settlements after being found non-compliant or as the result of a mistake made by an employee or subcontractor who was entrusted with sensitive patient health information.
When HIPAA Rules Don’t Provide Enough Guidance, Your VITECH Expert Can Help
At VITECH, part of the problem we see when healthcare organizations try to understand how their HIPAA compliance and business technology are intertwined is that certain parts of the HIPAA rule are required, and other parts are considered “addressable.” For example, while HIPAA doesn’t require that covered entities encrypt their data devices, if the entity misplaces or loses the device, OCR will nail them to the wall. The problem is that the encryption was not a HIPAA requirement, yet not having it is what got them into trouble when the device containing the unencrypted data was lost.
Encryption is a bit of a no-brainer, and at VITECH, it’s one of the ways we help you protect your data in the event it ends up in the wrong hands.
HIPAA Wasn’t Designed to Help Covered Entities Protect Themselves
HIPAA regulations simply weren’t designed to guide healthcare companies in their IT and data risk management practices; instead, they were designed to protect patients and to prevent healthcare organizations from doing things that make sensitive patient information vulnerable to unauthorized exposure. HIPAA was never meant to guide covered entities as to how to prevent compromised data from getting into the wrong hands in the first place.
Think of it this way: HIPAA doesn’t instruct healthcare organizations in sensitive data best practices to reduce the chance that compromised data will be exploited. The HIPAA rules don’t tell you that deploying encryption and other data protection techniques can safeguard data even if it does end up lost. The rules simply establish regulations that healthcare organizations are required to follow, but they don’t tell them how to protect themselves if and when the inevitable happens.
What Can a Covered Entity Do to Prevent a HIPAA Violation?
When evaluating a HIPAA/HITECH IT security and compliance program, it is important to consider that security cannot occur in a vacuum. The processes related to HIPAA security and compliance are often most successfully implemented with automated technology, but once again, HIPAA doesn’t specify the use of any particular security technology in its guidance. That’s where a HIPAA expert like VITECH comes in.
At VITECH, we specialize in HIPAA compliance and security. When we implement a compliance program for our clients, it always includes:
VITECH’s entire team — from technical support to the sales team — is well versed in HIPAA compliance protocols. For the past 18 years, we have supported healthcare organizations of all sizes and guided them in safeguarding their business in light of compliance requirements and innovations in healthcare technology. VITECH experts know the underpinnings of HIPAA and HITECH, and as business owners ourselves, we understand the importance of staying at the forefront of technology to remain competitive in the healthcare marketplace.
VITECH is your HIPAA compliance Privacy and Security specialist. We know what HHS requires for you to be compliant, and we’ve designed the Full-Spectrum Compliance solution to get you where you need to be. Contact us at (800) 536-2156 or send us an email at email@example.com for your free HIPAA consultation.