HIPAA (Health Insurance Portability and Accountability Act) – What Is Required to Be Compliant?
Have you ever heard of the HHS HIPAA “Wall of Shame”? This website lists all companies that have had security breaches in the past 10 years that impacted 500 or more individuals. What is meant by a security breach? When a patient goes to a doctor, his or her private information (such as an SSN) is recorded along with his or her health records and entered into a database. When this database is breached, patient data often falls into the hands of criminals. If you go to the “Wall of Shame”, you’ll see some small companies but also some very big companies that you may be very familiar with, most notably insurance companies and hospitals, that have had security breaches in recent years.
Why are so many security breaches happening? Several factors cause data security breaches:
- Viruses and malware are by far the biggest cause of breaches
- Human error is also a fairly high contributor
- Poor maintenance of the computer network
Hackers send a very large number of viruses and malware to millions of computers every day. These programs are capable of data mining: once they are firmly established on a computer or server, they can review all the available data on that machine and transfer it back to the hacker’s computer.
This is how the data breach at the Target stores happened in the 4th quarter of 2013. A virus was able to penetrate the network without being noticed. By the time the administrators became aware of the virus, it had already done extensive damage.
Human error can take many forms. A good example is a case at Massachusetts General Hospital, where an employee who wanted to work from home over the weekend downloaded sensitive patient data onto a laptop, and on the way home the laptop was stolen. A business needs certain rules that its employees follow strictly; obviously, one of those rules would be “do not download any sensitive data onto personal laptops, iPads or other handheld devices”.
Having a well-maintained computer network environment is of paramount importance. At CMIT Solutions we provide all the key ingredients to keep a network safe, from monitoring and managing all the devices within the network to doing safe offsite backups and more.
How does a business become HIPAA compliant? This is a step-by-step process. First, you contact CMIT Solutions. We will stop by and go over a questionnaire with you to understand the setup of your entire network. The questions are designed to pinpoint security problems. We may also ask for your permission to access some parts of the network. Once we have all the information in hand, we’ll go back and come up with an action plan for making your network safe. Please note that we can never guarantee 100% security, because new viruses are created every day and there is no guarantee that existing software will catch them, but we can guarantee 99% security.