IT | Security

Avoiding Massive HIPAA Violation Fines

By: Absolute Editorial Team | 10/1/2014

The seemingly continual and high profile news surrounding healthcare data breaches, as well as recent changes to HIPAA, are forcing the healthcare industry to take security even more seriously than before. Organizations face increasing fines associated with data breaches. In May 2014, New York Presbyterian Hospital and Columbia University Medical Center reached a settlement agreement with HHS to pay a $4.8 million fine for HIPAA violations. This follows earlier settlements also reaching seven figures.

According to HHS data, device theft is still the leading cause of information breaches in healthcare. Forrester Research recently confirmed these findings, showing how employee endpoints are a weak point for data loss in healthcare. Forrester’s research showed that healthcare records are five times as likely to be lost due to device theft / loss.

TechTarget’s Mike Chapple recently put together a list of 3 Steps to Avoid Massive HIPAA Violation Fines, which looks at these recent HHS settlements and how to avoid similar situations:

  1. Follow formal decommissioning procedures for all devices to risk disclosing data accidentally
  2. Step up mobile device security (laptops, tablets, smartphones). Basic security measures to avoid compliance issues would be encryption, with solid assurance of compliance provided by solutions such as Absolute Computrace
  3. Know where PHI resides through proper reviews, data tracking, DLP and security policies. Particular attention should be given to PHI on personally-owned devices and solutions that can mitigate these risks.

Absolute Computrace allows organizations to persistently track and secure all of their endpoints within a single cloud-based console. Devices can be remotely managed and secured to ensure, and prove, that endpoint IT compliance processes are properly implemented and enforced. This includes ensuring encryption is up to standards and compliance logs to prove when data was last accessed and when a data wipe occurred, avoiding costly data breaches if a device is lost or stolen.

Absolute DLP can identify sensitive data and enforce policies for simple, all-in-one network, storage and endpoint data loss prevention.

Learn more about Absolute Software’s healthcare solutions here.