With HIPAA Audits Looming, How Will You Get Around Data Security Roadblocks?

ContentMX Our Writing Portfolio

In healthcare, staying HIPAA-compliant is a priority. But the rise of cloud computing, mobility and the Internet of Things (IoT) have added additional complexities that make protecting patient information and staying HIPAA-compliant all the more difficult. With a new round of OCR HIPAA compliance audits scheduled, it’s time for healthcare firms to review their current security measures and identify their biggest roadblocks—and strategies to get around them.

Rapid Innovation Leaves Security Playing Catch-Up

It wasn’t so long ago when healthcare providers relied mostly on paper-based files. But new technologies and regulatory mandates have transformed the industry and led to the widespread use of electronic health records, telemedicine, smart devices and other digital solutions.

In the race to innovate, many providers have treated cybersecurity as an afterthought—overlooking the risks of managing valuable patient data in an environment where every device that connects to the network is an additional, potential open door for hackers. Even when security is a priority, it isn’t always obvious when formerly dumb devices become smart, connected and potentially dangerous.

HIPAA Compliance Critical To Providers’ Financial Health

Failing a HIPAA audit can have severe consequences, with penalties of $50,000 per violation or $1.5 million per calendar year.

With stakes like these, it’s critical for providers to take steps to make cybersecurity top of mind. And while healthcare providers consider cybersecurity to be one of the most challenging aspects of preparing for HIPAA audits, they know it’s vital.

To help healthcare providers close the gap between the sophistication of their technology and strength of their cybersecurity, a number of best practices are emerging. These include data encryption processes to keep data secure when it’s at rest and in transit, and multi-factor authentication protocols to limit data access to authorized users. With the increase of dependence on tablets and smart phones, mobile device management software that remotely wipes data from lost devices helps keep medical information safe when accessed is a necessity.

Firewalls are still an important part of cybersecurity, even as perimeters between internal and external network environments blur. Next generation firewalls combine traditional firewall controls with advanced features like intrusion protection systems to help in identifying potentially unsafe programs. In addition, internal segmentation firewalls should be used inside the network and in front of the data center as part of a defense-in-depth approach providing additional security around sensitive applications and datastores managing PII and PHI.