According to reports from the HHS department, less than 10% of HIPAA breaches were due to hacking incidents. Recently, however, there have been a number of high-profile cyber violations at Blue Cross Blue Shield and others. So obviously, the next time these statistical reports are released, the percentage of cyber breaches will be on the higher side.
We cannot deny that the threat to cybersecurity is on the rise in all sectors, and the healthcare sector is no different. Here too, the cybersecurity threat is always one of the biggest concerns. In 2015, Verizon released a data breach investigation report. The financial loss as a result of such breaches was found to be around $400 million. According to this report, 60% of the violations were a result of mistakes made by system administrators. In 95% of cases, the credentials were stolen from the customer's device, and the hacker then logged into the web applications with these credentials. 23% of people opened phishing messages, and 11% clicked on suspicious attachments.
Most healthcare providers are covered entities and need to abide by the HIPAA certification rules and regulations. They must take good measures to prevent any risk to protected health information. It is important that the healthcare provider carries out a HIPAA risk analysis assessment every year. In this assessment, they must check the probability of any potential danger to the electronic records and take proper steps to prevent any kind of violation.
The healthcare provider also has the option of selecting cybersecurity insurance. This insurance will surely be helpful if a breach occurs, but the most important thing is to prevent any such breach from happening in the first place.
It is also important that the healthcare provider has a good HIPAA compliance training program and understands the importance of HIPAA certification. The provider must frame proper policies and procedures, which need to be documented. It is also important that the healthcare provider invests in training staff members on a regular basis and maintains logs of the training dates for the auditor.
You must do your best to prevent any kind of violation from happening. But if, unfortunately, a violation does happen, you need to be prepared. Make sure that you have a simple, comprehensive, and up-to-date Breach Notification Policy. You must also make sure that you have enough coverage from your cybersecurity insurance policy. If you have still not purchased a policy, make sure that you buy one at the earliest.
Overall, it is important that you have proper procedures and take proper measures to prevent any loss of protected health information due to a lack of cybersecurity. Proper training of staff is one of the most important things, as according to reports most breaches are due to the negligence of staff or the mistakes of system administrators. It is equally important to opt for cybersecurity insurance.