The assumed answer is HIPAA. To clarify, HIPAA is an act and not a governing body of any sort. HIPAA’s rules and regulations are enforced by the U.S. Department of Health & Human Services (HHS) and its Office for Civil Rights (OCR). Besides attorneys general, other entities cannot enforce HIPAA; it acts as a standard for the healthcare industry and is used as a measuring stick for due diligence.
An organization that is HIPAA compliant has completed the appropriate audits, documented appropriate policies, had a qualified expert conduct a risk assessment, trained employees on how to handle patient data, ensured vendors were HIPAA compliant, and enforced diligent security practices. Does this sound like your business? Chances are that if you are reading this blog, you are not so sure.
Unfortunately, with HIPAA you are either compliant or not, and most businesses are failing at the task. In this blog we will cover the fundamentals of compliance and key areas where organizations are having trouble.
A complex set of regulations like HIPAA requires constant work to keep up to date within an organization. With requirements ranging from six unique audits per year to training to vendor management, it is not a task that most healthcare organizations can devote the time to. An organization must be more than just familiar with the rules: it must study rulings against other organizations, stay up to date with any changes, update policies, and know cyber security well. This raises the question: who’s handling HIPAA for you, and are they up to the task?
HIPAA rules have been applied by the federal government to protect the data of customers, patients, and users. The introduction and enforcement of HIPAA has stemmed the flood of data breaches in business organizations and curbed the criminals who profit from selling customer data to other companies and nefarious individuals. We have discussed what HIPAA is and its role in business in previous blogs; this blog will focus mainly on the recent violations that cyber security authorities have seen in South Carolina.
Over the past few blogs we have studied some of the benefits of implementing monitoring solutions. While compliance drives this need for many industries, businesses will also find cost savings by uncovering breaches faster and decreasing overall investigation times. We have gone over the pros and cons of outsourcing the work. In the final part of this series we will summarize this information and discuss how Tandem Cyber Solutions approaches the topic.