What Does Anthem HIPAA Breach Mean to You?

What Does Anthem HIPAA Breach Mean To You?

Let’s look at some of the recent headlines: “Hackers target health care as industry goes digital”, (PC World), “Anthem hack: ‘Healthcare is a target’” (Healthcare IT News), “Why Hackers are Targeting The Medical Sector” (Washington Post). I could go on and on but I think you get the message; if you store, access, transfer or create PHI you are a target.

You probably don’t have 80 million records but with each record having a value of $100 to the hacker smaller targets are vulnerable as well. That is one side of the argument for getting HIPAA compliant and staying compliant but the other side is satisfying your business partners and clients that you are not a threat to them. It may even be your own company that tests you; “Would YOU Click? Twitter Bosses Email Staff Phishing Links To Test Cybersecurity” (CBS)

Let’s say that someone wants to test your HIPAA compliance, what would they ask for? They would probably start with asking for your most recent HIPAA risk assessment. This is a formal process that results in a Gap Analysis and Remediation Plan. Next they might ask for records of employees getting HIPAA training, a requirement under HIPAA. If they still weren’t satisfied they might ask for copies of privacy and security policies and procedures to see if they had been updated to meet the Omnibus Rule which became effective on September 23, 2013.

What are the basic requirements for being HIPAA compliant? A formal HIPAA risk assessment (Not a Checklist!) , a Remediation Plan, Documentation of HIPAA compliance activities, documentation of training and awareness, written policies and procedures that have been tailored to your business model, and a named privacy and security officer responsible for making sure all of this is up to date.

If you want more information, or demo of how to meet these requirements efficiently and cost-effectively contact me at jack@compliancehelper.com or go to www.compliancehelper.com .