Is your organization HIPAA/HITECH compliant?
Key Statistics from the 2019 Cost of a Data Breach Report conducted by Ponemon Institute:
Healthcare organizations experience the highest costs associated with data breaches at $6.45 million – over 60 percent more than the global average of all industries.
Healthcare organizations have more trouble than other industries retaining customers after a breach with a turnover rate of 7.0%. The global average is 3.9%.
Organizations in the healthcare industry take the most time in the data breach lifecycle at 329 days. The mean time to identify and the mean time to contain are 206 days and 73 days, respectively.
Employees of healthcare organizations are responsible for protecting and retaining vast amounts of highly sensitive data that must be kept current, accurate, and accessible to various parties. Regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act have been put in place to help protect your organization and patients. As part of these acts, the Department of Health and Human Services has mandated annual privacy and security training, as well as regular reminders, for all employees of Covered Entities. Not only are these required by the federal government, but they are considered to be impactful best practices.
What is at risk?
- Personal Risk | These can include disciplinary action as well as criminal penalties, up to 10 years in prison, and personal fines up to $250,000.
- Organizational Risk | A standard HIPAA violation costs up to $50,000 per incident of non-compliance and $1.5 million per year for each standard violation.
- Irreversible damage to reputation and loss of patients’ trust is at stake.
- Provide continued HIPAA/HITECH education to employees and stay up to date with reviewing regulations.
- Hold vendors accountable for IT security policies and require them to prove up-to-date and continued compliance.
- Do not share healthcare-related stories about patients on social platforms. Even if you leave their name out of the story, someone might be able to guess who the patient is based on the information provided. Protect patient’s information and rights.
Social Engineering for Healthcare Professionals And Providers
9:33 min | Healthcare professionals are targeted by hackers via social engineering. This module will explain social engineering techniques in detail, and review HIPAA requirements regarding external requests for PHI.
Social Engineering for Healthcare Managers
8:49 min | This module explains the social engineering methods hackers use, review HIPAA requirements regarding external requests for PHI, and teach managers to work with staff to prevent PHI breaches and leaks.
Social Engineering for Healthcare Executives
7:33 min | This module covers social engineering techniques, reviews HIPAA requirements regarding external requests for PHI, and how healthcare executives support policies to prevent social engineering attacks.
Breach Notification for Healthcare Managers
8:54 min | This module details HIPAA’s definition of a breach, breach disclosure requirements (including an overview of the concept of safe harbor) and recommended breach detection and notification methods.
14:16 min | Our role-based HIPAA/HITECH module defines Protected Health Information (PHI), explains the need for PHI security and outlines best practices for handling PHI.
Introduction To HIPAA (Video)
1:23 min | This module briefly covers the main points of HIPAA compliance.
PHI Life Cycle (Video)
1:59 min | This video follows PHI from creation to disposal, and covers the specific definitions used by HIPAA to define that life cycle
HIPAA/HITECH for Healthcare Managers
14:21 min | This module defines protected health information (PHI), outlines best practices for handling PHI and the responsibilities of healthcare managers in protecting PHI and ensuring HIPAA compliance.
HIPAA/HITECH for Healthcare Executives
14:06 min | This module defines protected health information (PHI), outlines best practices for handling PHI, and explains the role healthcare executives play in ensuring HIPAA compliance by employees.
HIPAA Minimum Necessary Standard (Video)
1:54 min | This brief video extrapolates on how many people are authorized to access one person’s health records.
Mobile Security for Healthcare Professionals
7:02 min | This security awareness module covers best practices for healthcare professionals to ensure HIPAA compliance when using mobile devices to store or access protected health information.
Mobile Security for Healthcare Managers
7:32 min | This security awareness module covers best practices for ensuring HIPAA compliance when using mobile devices to store or access protected health information.
Malware and PHI
9:36 min | Malware infections are considered a HIPAA security incident. This module teaches healthcare professionals how to identify malware and actions organizations can take to avoid malware infections.
Ransomware and HIPAA
6:20 min | This short module will teach learners the risks of ransomware in the healthcare industry, including whether a ransomware infection is considered a HIPAA data breach.
Physical Security and PHI
10:19 min | HIPAA includes specific requirements for physical safeguards that every organization should have in place to secure protected health information (PHI).
Physical Security and PHI for Healthcare Executives
6:20 min | This module reviews best practices for physical security as it relates to HIPAA compliance, including facility access, device storage, physical record management, and electronic record transmission.
Physical Security and PHI for Healthcare Managers
12:14 min | This module reviews best practices for physical security as it relates to HIPAA compliance, including facility access, device storage, physical record management, and electronic record transmission.
Working Remotely for Healthcare Professionals And Providers
10:44 min | This module will outline HIPAA requirements for healthcare professionals working remotely, such as using encrypted VPNs and securing personal devices.
Get Our Weekly Blog Sent Straight to Your Inbox