Page 106 - Cyber Defense Magazine for August 2020
In this situation, basic security tools such as antivirus or firewalls are no longer making the cut.
Healthcare information security is governed by data protection laws; in the US, the Health Insurance
Portability and Accountability Act (HIPAA) applies.
If a data breach occurs, HIPAA provides for financial and criminal penalties. HIPAA
outlines the requirements for keeping the personal health information of clients and patients safe.
What Does HIPAA Protect?
An average incident costs a company about $6.45 million. Organizations should therefore consider both
whether they are compliant and whether all the risks have been accounted for. Generally speaking, HIPAA restricts
uses and disclosures to healthcare operations, the provision of treatment, or payment for healthcare,
unless the patient has agreed to disclosure to a third party and the authorization meets HIPAA's requirements.
The HIPAA Security Rule protects the confidentiality, integrity, and availability of health information, and its
Privacy Rule governs the uses and disclosures of health information. Together, these
rules help Covered Entities and their Business Associates protect Electronic Protected Health
Information (ePHI). The US Department of Health and Human Services (HHS) specifies who HIPAA applies
to in its definition of a Covered Entity.
The HHS Office for Civil Rights (OCR) administers HIPAA. It conducts audits of Covered Entities and
businesses that handle medical data to verify compliance. HIPAA audits are conducted to track
progress on compliance and to identify areas for improvement.
These protected records include diagnoses, treatment information, test results, medications, health
insurance ID numbers, and other identifiers. HIPAA also covers contact information, including phone
numbers, addresses, email addresses, birthdates, and demographic information. So, while the OCR
prepares for the next HIPAA audits, businesses ought to make sure they are ready.
Why Does HIPAA Need Cyber Security?
The HIPAA Security Rule specifies that Covered Entities must establish and maintain protections for ePHI.
Moreover, those protections must defend the organization against breaches through physical, administrative,
and technical means. The rule mandates that HIPAA-compliant organizations:
● Keep all health data that is sent, stored, received, or produced strictly confidential: only
authorized people may access, change, or remove it, and it must also remain available to
authorized individuals at all times.
● Anticipate threats to data integrity or security whenever possible, and defend against any
information disclosure or use that HIPAA does not permit.
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.