3 Ways To Keep Your Business Email Account Safe
The most common way most business users share information with one another is through their work email addresses. Aside from sharing important...
Five Nines Team : Apr 11, 2019 2:32:01 PM
While you hear about the occasional breach of Protected Health Information (PHI) from large organizations, smaller medical offices often believe they are safe from a breach due to their size. When it comes to cybercrime, that is no longer the case. In fact, over three million patient records were compromised in 2017 across the medical industry, and small practices were breached, hacked, and ransomed just like the larger healthcare organizations.
Data from the Office of Civil Rights (OCR) show an upward trend in data breaches since it first published summaries of healthcare data breaches in 2009. Between 2009 and 2018, there were 2,546 data breaches that involved more than 500 patient records. These breaches resulted in the exposure of 189,945,874 patient records, which is more than 59% of the population of the United States.
The loss or theft of PHI was the top cause of data breaches from 2009 to 2015. These breaches could easily be prevented with device encryption, strong physical safeguard policies, and annual staff training. The current statistics show that hacking/IT incidents are the top causes of data breaches, which is why it’s important to discuss conducting a risk analysis with your IT team.
In an effort to prevent these breaches of PHI, the HIPAA Security Rule requires all covered entities to perform a risk analysis and implement a risk management plan. This regulation is outlined in 164.308(a)(1)(ii)(A): “Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the [organization]”.
A completed risk analysis will provide your practice with a detailed understanding of the risks to the confidentiality, integrity, and availability of ePHI within your organization. A risk analysis also helps practices assess and mitigate risks to the security of PHI.
A risk analysis contains a detailed look at an organization's administrative, physical, and technical security measures utilized to protect PHI.
WHY COMPLETE A RISK ANALYSIS?
A completed Risk Analysis will help your practice identify vulnerabilities within your organization that could lead to a data breach or loss of PHI at some level. This assessment is the first step to ensuring compliance with the HIPAA Security Rule, attesting to government incentive programs, and ensuring security of PHI within your organization.
Don’t allow your organization to fall behind. Complete a risk analysis today to ensure your organization is not only compliant, but safe as well.