Kim Singletary
Kim Singletary is Director of Technical Solution Marketing at McAfee. Singletary has more than 15 years of experience ...
2013 kicked off with HHS announcing its first HIPAA breach settlement involving fewer than 500 patients. As the first settlement involving a breach of fewer than 500 individuals, this action sends a strong message to everyone in the healthcare industry that all organizations, regardless of size, are responsible for safeguarding patient health information. In the end, the organization in question was ordered to pay a $50,000 fine for just one stolen laptop.
These fines can be justified by an overall lack of policy to safeguard patient data. The entity had not performed a risk analysis to understand its gaps in protection, and it had not established basic policies or procedures to address mobile device security.
The thing is, it doesn’t take much to get started, regardless of the size of your organization. Recently, Bill Hau from McAfee Professional Services/Healthcare Risk Assessments and David Houlding, the Healthcare Privacy and Security Lead Architect from Intel, helped outline 10 Reasons Why Healthcare Risk Assessments Fail. This webinar gives lots of tips on how to get the most from a healthcare risk assessment, as well as guidance on how often they need to occur in order to maintain HIPAA compliance.
For smaller healthcare organizations, cost is often cited as a hindrance to implementing additional security. But as the case above makes clear, there is in fact a large cost associated with doing nothing. Their $50,000 fine is in addition to the cost of providing state breach notification services like credit monitoring for a year after the incident, as well as any public relations or marketing costs to address business decline.
One of McAfee’s wishes for 2013 is to have a year where healthcare breach notifications start to decline, and healthcare IT can get back to providing services that improve quality of patient care.
For more on this topic and the most up-to-date information on McAfee news and events, follow us on Twitter @McAfeeBusiness.