Patient Data is a Hot Commodity

 

By Aris Medical Solutions

 

Health care organizations are now a primary target since they are the custodians of patient data and a plethora of information. The reason patient information is sought after so much is because it can be sold on the black market for a decent price. Social Security Numbers also have a longer shelf life unlike credit card numbers. Therefore it is imperative that any company or person that is involved with healthcare data do what they can to protect their computers and/or network.

Criminals are diligent in trying to gain access to these valuable databases. They can get into your network through social engineering, malware, and mobile devices to name a few. Sadly, most attacks go undetected for months, sometimes even a year unless it is ransomware when you are “notified” immediately!

Under the Security Rule, all entities that work with Protected Health Information are required to conduct a Risk Analysis to uncover any potential vulnerabilities. Then they must create a Risk Management plan to correct those deficiencies. Although most of the “technical” standards are addressable and not required, this does not mean optional. All covered entities and business associates must have reasonable and appropriate safeguards in place to protect their data. Aside from your normal IT services, we believe it will only be a matter of time before network security audits will become mandatory. Keep in mind your Policies and Procedures are still the backbone of HIPAA Compliance.

So what can you do to protect your data and your organization?

  1. Conduct a security risk analysis
  2. Mitigate the vulnerabilities that are discovered
  3. Request a third party network security audit
  4. Request documentation that your business associates are HIPAA Compliant
  5. Continual EDUCATION!

These are just some of the basics that you should implement. For more information on how Aris Medical Solutions can help your organization with HIPAA Compliance and Protecting your Data call 877.659.2467 or click here to contact us.

“Protecting Organizations through Partnership, Education, and Support”

Small Medical Practices are Huge Targets!

 

By Aris Medical Solutions

 

Many organizations have the attitude that they are too small to be a target for a data breach. Just because you don’t hear about small and medium sized practices being targeted doesn’t mean it is not happening.

Most medical practices are busy treating patients and are not aware of the severity behind this type of threat. Since small and even medium sized practices do not have the infrastructure in place to protect their data, they are a larger target than think. Data breaches can go undetected for months, if not years since they are not watching for it. For instance, if a Pediatric Practice is hacked, those social security numbers can be used for years before it will be discovered.

Many business associates are also targeted because they have access to medical records in different manner. Again, small and midsized organizations that do not have appropriate safeguards in place can wreak havoc in a medical environment. So what can you do?

First of all, conduct a Security Risk Analysis to understand what are your vulnerabilities. This is critical in order to mitigate risks.
Next, have a network security audit performed. Even if you access your data in the cloud and not through an onsite server, you can still be hacked.
Invest in monitoring your network. Know who is accessing your data.
TRAINING IS A MUST! Your employees can be your best asset or your largest liability.

Not only is this required under HIPAA, it is considered best practice in protecting patient data.

Contact Aris Medical Solutions at 877.659.2467 or click here to find out how we can protect your organization.

“Protecting Organizations through Partnership, Education, and Support”

©2024 Aris Medical Solutions – HIPAA Risk Management | HIPAA Compliance Consultants | All Rights Reserved | Terms and Conditions | Privacy Policy
The content and images on this website is owned by Aris Medical Solutions and their owners. Do not copy any content or images without our consent.
Powered by Bandwise LLC