HIPAA is not just about privacy.
It's also about security.

Keeping data private and protected means securing it against unauthorized access.

HIPAA enforcement will be set in the courts.


Financial and patient information has become a source of "Gold" worth stealing. Unfortunately, while HIPAA defines the requirements, it does not define what practices and procedures meet these requirements. In the end, enforcement may be accomplished through litigation.

July 2008 marked a milestone in the HIPAA saga. For the first time since the privacy and security rules were enacted, a covered entity was required to pay a fine. Seattle-based Providence Health & Services agreed to pay $100,000 as part of a settlement with the Office for Civil Rights (OCR) and the Centers for Medicare & Medicaid Services (CMS) that resulted from a joint investigation following the receipt of 31 complaints.

As the courts begin to define HIPAA regulations, wise precautions will serve a practice well. The question before the courts will not be "did you make a reasonable effort from your point of view?" Rather, they will ask "how did your effort align with the generally accepted practices and procedures of the IT industry? Did you follow accepted protocols? And do you have a method of monitoring what is going on around your internet door?"

Some offices may be in for a rude awakening.

We know of offices that -- because they need access to their MacPractice and their office LAN -- leave open one Internet port to allow remote database access. This is an astonishingly bad decision. It's like turning the lights out but leaving the front door unlocked.

Unfortunately, the internet is no longer a friendly place. An open port means that everyone can have access. A PC exposed to the internet can be compromised in less than 10 minutes. A Macintosh may take longer, but one can no longer expect the courts to be understanding of a failure to take proper action to secure the network.



Copyright © 2011 Odyssey Communications Group Dallas, TX 972 997-9052