Page 106 - Cyber Defense Magazine for August 2020

In this situation, basic security tools such as antivirus or firewalls no longer make the cut.
            Healthcare information security is governed by data protection laws; in the US, the Health Insurance
            Portability and Accountability Act (HIPAA) applies.

            If a data breach occurs, HIPAA violations can lead to financial and, in some cases, criminal penalties.
            HIPAA sets out the requirements for keeping the personal health information of clients and patients safe.



            What Does HIPAA Protect?

            An average incident costs a company about $6.45 million. Organizations should therefore consider both
            whether they are compliant and whether all risks have been accounted for. Generally speaking, HIPAA
            restricts uses and disclosures of health information to treatment, payment, and healthcare operations,
            unless the patient has authorized disclosure to a third party or HIPAA otherwise permits it.

            The HIPAA Security Rule requires that the confidentiality, integrity, and availability of electronic
            protected health information be ensured. The HIPAA Privacy Rule governs the uses and disclosures of
            protected health information. Together, these rules tell Covered Entities and their Business Associates
            how to protect Electronic Protected Health Information (ePHI). The US Department of Health and Human
            Services (HHS) specifies who HIPAA applies to in its definition of a Covered Entity.

            The HHS Office for Civil Rights (OCR) enforces HIPAA. It audits Covered Entities and Business Associates
            that handle medical data to verify compliance. HIPAA audits are conducted to track progress on
            compliance and to identify areas for improvement.

            Protected records include diagnoses, treatment information, test results, medications, health insurance
            ID numbers, and other identifiers. HIPAA also covers contact information, including phone numbers,
            addresses, email addresses, birthdates, and demographic information. So, while the OCR prepares for the
            next round of HIPAA audits, businesses ought to make sure they are ready.



            Why Does HIPAA Need Cyber Security?

            The HIPAA Security Rule requires Covered Entities to establish and maintain safeguards for ePHI.
            These safeguards must protect the organization against breaches through administrative, physical, and
            technical means. The rule mandates that HIPAA-compliant organizations ensure that:

               ●  All ePHI that is created, received, stored, or transmitted remains confidential and intact: only
                    authorized individuals may access, change, or delete it, and it remains available to those
                    authorized individuals whenever they need it.

               ●  Reasonably anticipated threats to the security or integrity of ePHI are identified and protected
                    against, and any use or disclosure of ePHI not permitted by HIPAA is prevented.




            Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.