
Healthcare Considers New HIPAA Data Compliance Rules

Posted in Compliance

According to the most recent analysis of the past year's healthcare data breaches, Health Insurance Portability and Accountability Act (HIPAA) violations are on the rise. U.S. Department of Health and Human Services Director Leon Rodriguez explained at the recent American Healthcare Lawyers Association conference that over the past three years, more than 70,000 HIPAA violations have been reported.

The Department of Health and Human Services analyzed this data when developing its HIPAA compliance rules, which went into effect last week. Businesses will have until September to make sure their data is secured according to the new regulations, reported Smart Data Collective.

Rodriguez explained that one of the biggest changes in the rules will be the liability placed on "business associates and their subcontractors," which was found to be the area where the most instances of data breaches occurred. This means that organizations will have to show that they have comprehensive data protection policies and procedures in place and are maintaining compliance through regular evaluation and improvement.

"Compliance is continual, not done once and set aside when inconvenient," Rodriguez said at the conference. "You can live 100% right, and still have a breach. The world is not perfect, and breaches are still going to happen. What we're going to look at is, have you done everything you reasonably can do to prevent breaches? Have you done a risk assessment on an ongoing basis?"

The Department of Health and Human Services will also increase the amount of the fine levied against businesses found to be in violation of HIPAA data compliance rules. In the past, the maximum penalty per year per provision violated was $25,000. In the future, this will be raised to $1.5 million per violation, reported Reuters.

Common causes for data compliance issues

Rodriguez explained that the majority of breaches that occurred over the past year were a result of theft, loss, unauthorized access or disclosure by employees. Generally, this is because companies have outdated or insufficient technology in place. One-fourth of the breaches were from paper records. Mobile devices represent another common source of data security incidents.

Rodriguez sees one possible solution to these problems. Data encryption protects information across multiple devices, both while it is stored and while it is in transit. Encryption reduces the impact a breach will have and protects healthcare companies against non-compliance fines and other penalties.
