March 15, 2023
Safeguarding patient information is one of the most critical responsibilities of IT teams in the healthcare industry. With the incredible increase in cyberattacks targeting this industry (global healthcare cyberattacks increased by 74% in 2022), this job has never been more important.
It is also, at times, very complex. The ecosystem of entities that access, process, collect, and store sensitive health information is vast, from hospitals to clinics to health insurance providers. The number and types of devices leveraging electronic health information are also extensive. And no matter where the data resides, one fact is certain—it must be protected according to established rules.
For the healthcare industry, compliance with the Health Insurance Portability and Accountability Act (HIPAA) of 1996 is an inextricable part of cybersecurity. In a new mini-report focused on the healthcare sector, we examine HIPAA and its close relative, the Health Information Technology for Economic and Clinical Health (HITECH) Act. Before HIPAA, the healthcare sector had no uniform approach to these challenges that was adopted across the industry, let alone in every state. HIPAA changed that. But it left organizations with the responsibility to understand their environments and implement a compliance strategy that reduces risk and allows them to keep data safe as they leverage it to optimize patient care or handle business operations.
HITECH, meanwhile, was designed primarily to encourage hospitals to shift to electronic health records (EHR) and increase the use of health information technology. In addition, HITECH sought to ensure that protected health information was shared and accessed securely, and it expanded HIPAA’s protections. The law added a new reporting requirement for data breaches and made business associates directly liable for violations of certain HIPAA rules. In 2013, the U.S. Department of Health and Human Services issued the Omnibus rule, which modified HIPAA to improve security and privacy protections and implemented provisions from HITECH.
In the ensuing years, securing protected health information has not gotten simpler. Healthcare organizations such as hospitals are frequent targets of cyber criminals. A glance at headlines from 2022 will turn up events such as the breach affecting Shields Health Care Group—proof positive that cyberattacks are not going into remission any time soon.
At Absolute, we have the solutions and expertise to help organizations on their HIPAA compliance journey and have included a discussion of a case study of our technology in the report. No matter where your organization is on that journey, it is critical to take a risk-based approach to compliance grounded in understanding the regulatory requirements and the realities of your IT environment.