Advances in security technology and increased governmental cybersecurity initiatives have not been enough. Attackers will not abandon their pursuit of unprotected patient data and they are getting more sophisticated every day. According to the Identity Theft Resource Center, this past year healthcare entities accounted for 27.4% of reported data breaches.
It’s clear that the healthcare industry is less prepared with HIPAA compliance than patients expect. HIPAA compliance, especially the Security Rule, has never been more necessary as the value of patient data continues to rise on the dark web.
Based on the Department of Health and Human Services’ (HHS) Health Insurance Portability and Accountability Act (HIPAA), security experts conducted 4 surveys in 2017. These surveys were intended to provide statistical reference and analysis of HIPAA’s Security, Breach Notification, and Privacy Rules and of how those rules are applied in practice. Over 300 healthcare professionals responsible for HIPAA compliance at their organizations responded. Here is what was found in areas like HIPAA training, risk analysis, and encryption:
- 26% of organizations do not conduct a formal risk analysis
- 19% of organizations report they send emails with unencrypted patient data
- Only 38% of organizations train employees on the HIPAA Breach Notification Rule
As you can see, there is a long way to go and plenty of work left to be done in the healthcare market. Compliance should be a joint effort shared among all of your staff. Whether or not you are your organization’s Compliance Officer, you should be paying attention to vulnerabilities and reporting them to the right person within your organization.