HHS OCR: PHI Security is your top priority
If you haven't noticed, cybersecurity is a major issue in the world: politically, economically, and even personally. No one wants their identity stolen. No business wants to deal with customer (patient) retaliation caused by losing their personal health information, whether it's a boycott, bad press, negative social media, or a class action lawsuit.
In general, the U.S. government is taking action to help protect small businesses by requesting that a new standard cybersecurity guide be written by the National Institute of Technology. More specifically, for the healthcare industry, the Health and Human Services Office of Civil Rights is now checking to make sure all covered entities are taking steps to improve cybersecurity to protect PHI. The HHS OCR now requires that covered entities and business associates be able to show they have a risk management plan in place and are correcting issues found in the security risk analysis (risk assessment).
If you're a healthcare provider, you might ask, "How do I secure PHI?" I actually wrote a blog about this recently. Check out that blog for starters. If you have not performed a Security Risk Analysis, you should do that first. That should give you a prioritized list of issues you must address. The top priority should be cybersecurity.
We strongly suggest you use a next-generation compliance management tool, like CompassDB, to manage your HIPAA compliance. It makes HIPAA compliance simple, easy, and affordable.
Take action: Protect Your Patients, Protect Your Practice, Protect Yourself.