Best Practices For HIPAA Compliance & HIPAA Privacy
Article Courtesy of: Forbes
Industries such as healthcare and financial services are special targets for data breaches and cyber criminals because, as bank robber Willie Sutton said, “that’s where the money is.”
Every week, we read another story about cybersecurity breaches.
The growing use of social media intensifies this risk, as users consider themselves part of a “tribe” and naively click on links from their “friends,” introducing malware into the organization. Or they inadvertently share personal information about patients or clients. Cybercriminals also use personal information shared on social media to trick users into giving up passwords, hijack accounts and worse.
What can firms entrusted with client information do to protect client data as well as their own reputations? As the discussion about privacy and security intensifies globally, I recently learned that the Health Insurance Portability and Accountability Act (HIPAA) was one of the first regulators to address these issues.
At a recent cybersecurity event, Ryan Blaney and Gregory Fliszar, both of Cozen O’Connor, a large, full-service law firm, outlined compliance best practices for the Health Insurance Portability and Accountability Act (HIPAA). Industries outside of healthcare, such as financial services, can benefit from learning about these practices, as many of the same principles apply.
“When you talk about privacy, confidentiality, cyber security in healthcare, you need to talk about HIPAA. It’s the 800-pound gorilla in the room,” said Fliszar. In addition to health plans, physicians and hospitals, HIPAA also applies to businesses that never thought they were part of the healthcare industry. If your business handles patient information in any way, you need to know what to do to stay compliant with HIPAA, Fliszar continued.
Two Components of HIPAA: Privacy and Security
The Privacy Rule sets the standards, processes and policies for access to personal health information (PHI). In short, you are not allowed to use or disclose patient information without authorization, apart from certain exceptions such as law enforcement and litigation.