Compliance for the Healthcare Industry
Healthcare organizations are not immune to regulations related to IT security and compliance. In fact, they are subject to specific IT privacy and security compliance obligations under federal medical record privacy laws, and they face increased fines, liability and scrutiny. Despite limited funds and staffing resources due to shrinking budgets, they must meet the requirements of the HITECH Act and HIPAA. These regulations require healthcare providers to be aware of both internal and external factors that can compromise their institution’s IT infrastructure and electronic data.
The U.S. Department of Health and Human Services (HHS) issued the Standards for Privacy of Individually Identifiable Health Information (Privacy Rule) and the Security Standards for the Protection of Electronic Protected Health Information (Security Rule) to implement the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
The Privacy Rule’s main goal is to ensure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high-quality health care and to protect the public’s health and well-being. The Security Rule, which applies to electronic protected health information, requires healthcare providers and payers to adopt specific policies and procedures to protect the confidentiality of individuals’ health information while still allowing covered entities to adopt new technologies that improve the quality and efficiency of patient care.
The Health Information Technology for Economic and Clinical Health (HITECH) Act is yet another regulation that amends HIPAA and adds to the privacy and security concerns associated with the electronic storage and transmission of health information. Penalties for non-compliance can be up to $1.5 million.
With all of these regulations in effect, and the threat of liability and fines, it is imperative that healthcare providers and payers have a compliance program in place that is tested on a continual basis. A critical component of any viable HIPAA compliance program is the ability to test data security, including social engineering and external penetration testing. Invest your resources in an affordable and respected service that will examine both your internal and external controls to ensure compliance. Don’t risk your business or reputation; call CSI at 888.494.8449 for more information.