CIO Influence
CIO Influence News Security

2023 HIPAA Guide from SecurityMetrics Bridges Healthcare IT Communication Gap to Protect Patient Data

2023 HIPAA Guide from SecurityMetrics Bridges Healthcare IT Communication Gap to Protect Patient Data

The Department of Health and Human Services’ Office for Civil Rights (OCR) has cracked down on HIPAA violation cases, resulting in a significant increase in fines and penalties for organizations who are in violation of HIPAA rules (HIPAA Journal). With a rising interest in data protection from the public, and continued, targeted attacks by threat actors, healthcare organizations are under pressure to keep their patients’ data secure, but often lack security resources to keep PHI safe.

SecurityMetrics released its 2023 Guide to HIPAA Compliance to help healthcare organizations secure their peace of mind and avoid a false sense of security. The 2023 HIPAA Guide helps healthcare IT and Risk Officers understand how to comply with the HIPAA Security, Privacy, and Breach Notification Rules–such as best practices for conducting risk assessments, training employees, testing incident response plans, and improving network security.

CIO INFLUENCE: Anglicare Leverages Ribbon and Switch Connect for Voice Consolidation and Path for Microsoft Teams Deployment

The updated 2023 guide includes more insights from HIPAA security analysts, improved diagrams and graphs, and cloud security for healthcare organizations. The 2023 HIPAA Guide covers the practical steps organizations need to handle the following:

  • Incident response plans
  • PHI encryption
  • Business associate agreements
  • Mobile device security
  • Cloud security
  • HIPAA-compliant emails
  • Remote access
  • Vulnerability scanning
  • Penetration testing

With new 2022 research data, the guide helps direct healthcare where to look for the highest risks. According to SecurityMetrics’ 2022 HIPAA survey data, organizations are getting better at external security measures like formal risk assessments. For example, in 2021, only 41% of health practices conducted formal risk assessments and in 2022, 43% did so.

CIO INFLUENCE: Datometry Releases Driver Integration for BigQuery, Further Future-Proofing Its Customers’ Investments

In other areas, healthcare continues to struggle with HIPAA and patient data security. Since 2019, surveyed organizations have decreased their training on the Security Rule by 46.4% and on the Breach Notification Rule by 53.7%.

Principal Security Analyst Jen Stone (MCIS, CCSFP, CISSP, CISA, QSA) says, “Many healthcare organizations understand the importance of HIPAA. They want to ensure the privacy and security of patient data, but they struggle because the law says what to do, not really how to do it. Our HIPAA Guide helps bridge that gap to give healthcare providers and business associates a way to implement policies, procedures, and security controls in a meaningful, HIPAA-compliant way.”

“This is the most comprehensive guide on HIPAA I have found,” said Crystal Hertz at National Health Foundation.

CIO INFLUENCE: Ericsson presents a Green Financing Framework

[To share your insights with us, please write to sghosh@martechseries.com]

Related posts

Sotero Announces Data Security focused CISO Panel Discussion with FEPOC CareFirst BCBS and DXC Technology

New Data from Samsara Shows Operations are Becoming Increasingly Connected as Pandemic Accelerates Digitalization

CIO Influence News Desk

Fortinet Completes Acquisition of Lacework

GlobeNewswire