Personally Identifiable Health Information (PHI) has value on the black market. The hacking community has continued to demonstrate increased sophistication and stealth with regard to obtaining that information. The HIPAA Privacy and Security Rules provide Healthcare Entities direction and regulation for minimizing reputational and financial risk. Yet, given these facts, a recent survey of HIPAA compliance conducted by NueMD revealed nearly half of the respondents haven’t taken this situation seriously.
Only 58% of the respondents indicated they had a compliance plan. 23% had no plan. Fewer than half of all respondents felt comfortable that their mobile and electronic devices were HIPAA compliant. Only 30% were confident that social media was being used in a compliant manner.
HIPAA has been around since 1996, with the HITECH Act addition in 2009. HIPAA leverages best practices and can levy substantial fines for noncompliance. Meaningful Use encourages adoption through monetary incentives with HIPAA compliance included as a Core Objective. Given these regulations and business drivers, why haven’t we seen greater adherence?
My guess is that Healthcare Entities either do not fully understand their risk or do not have the expertise in-house to address these risks and opportunities. If this sounds like you, there are numerous outside resources, including State Universities, National Consultants or, in your own backyard, the Orion Group, who can help you navigate these challenges in a way that makes business sense. Contact them or us today to learn about the opportunities, risks and costs associated with enhanced medical security.
For more information on HIPAA, check out the entire 2014 survey from NueMD.
Orion Group Managed Services offers Security Management consulting support and assists our customers in its design and implementation. Schedule a consultation today with one of our experts to discuss your company’s needs.