Remember back in 2009 when the HITECH Act passed Congress? The basic premise was that by providing stimulus money, in the form of meaningful use funds, healthcare would transition to electronic medical records more quickly. With the data could come more efficient and less costly ways of managing patient health. For the most part that has happened, through a combination of HITECH and the ACA.
A core part of HITECH was also the caution that larger pools of richer data would need better safeguards. So the HITECH Act begat the Omnibus Rule, which not only increased the compliance standards for covered entities but also extended them to millions of business associates. Has the protection of data worked as well as the collection? Not so much.
What has happened is that these richer data pools have attracted a newer, more sophisticated risk: criminal hackers. Just 5 breaches in the first half of 2015 exposed 99.3 million patient records, all caused by hacker attacks. Another 33 hacker attacks exposed 2.4 million, for a grand total of 101.7 million in the first half of 2015.
Our knight/CIO is correct, if a little late, in calling for the risk analysis or risk assessment after the attack has started. Risk assessments need to be done on a quarterly basis in this environment and be followed up with risk remediation and staff training. HIPAA compliance is an ongoing process. With automated tools available from Compliance Helper and ACR2 Solutions, this can be done cost-effectively and efficiently. The HIPAAssure® Cycle of Compliance is your assurance that you are compliant.
For further information contact Jack@compliancehelper.com or Jack.K@acr2solutons.com