Since 2009 over 31.4 million people have had their health information compromised, and the HHS has levied nearly $30 million in fines against healthcare organizations in violation of privacy and security rules.
Robust automated filters and anti-virus programs are essential to preventing outside intrusions from compromising sensitive information stored on networks.
However, security breaches from within are as damaging to an organization as any outside attack. HIPPA regulations require that all healthcare entities “identify and analyze potential risks to e-PHI and implement security measures that reduce risks and vulnerabilities to a reasonable and appropriate level.”
In the news recently:
NRAD Medical Associates in Garden City New York
• 97,000 patients affected
• Radiologist improperly accessed records of patients who were not under the employee’s care
• Compromised data included names, addresses, dates of birth, diagnoses, health insurance information and Social Security numbers
Rady Children’s Hospital in San Diego
• 20,000 children affected
• Employee accidentally emailed personal health data to four job applicants
• Compromised data included names, dates of birth, clinical information
Cincinnati Medical Center
• Hospital employee accessed billing records of a patient with a sexually transmitted disease, which was then shared on Facebook
• HHS investigating for HIPPA violation and failure to report the incident promptly
A critical piece from HHS/HIPPA regulation includes:
Workforce Training and Management. A covered entity must provide for appropriate authorization and supervision of workforce members who work with e-PHI.17 A covered entity must train all workforce members regarding its security policies and procedures,18 and must have and apply appropriate sanctions against workforce members who violate its policies and procedures.
EdgeWave’s comprehensive security delivers advanced data protection across all devices. Easy to use award-winning solutions are backed by industry-leading support and services, including educational materials for workforce training.