HIPAA security compliance is only one approach to protecting your data. As I’ve stated in prior posts, it is foundational only. It’s a start. It doesn’t fully represent a proactive approach to information security management. Covered Entities, even if HIPAA security compliant, do not do an adequate job of protecting their ePHI. One approach to closing this performance gap is to evaluate your security posture through the eyes of a hacker.
In a recent Harvard Business Review article, Nathaniel C. Fick makes a great argument for addressing the weaknesses that attackers can exploit. He suggests taking the following actions:
- Understand your major risks and how adversaries aim to exploit them.
- Take inventory of your assets and monitor them continuously.
- Make security part of your mission.
- Be active, not passive, in hunting adversaries on your network and removing them.
While the HIPAA security rule defines these activities at a base level, Mr. Fick suggests ‘supersizing’ the compliance requirements by extending a proactive wrapper around each. The HIPAA rule alone will still leave your business exposed. You can close that gap by taking security more seriously and by taking proactive steps to minimize your risk.
Orion Group Managed Services offers Security Management consulting support and assists our customers in its design and implementation. Schedule a consultation with one of our experts to discuss your network’s weaknesses and how to fix possible problems.