Cybersecurity: It’s a healthcare risk issue
Wannacry may be the best thing that has happened to the healthcare industry in a long time. It brought to light just how terrible a job the industry does in protecting patients from identity theft. That's what it means to lose a patient's protected health information or PHI. PHI is now a currency on the black market. It is worth over a 100 times the value of a credit card record. If you're a covered entity (healthcare plan, healthcare clearing house, or healthcare provider) or a business associate (vendor that may touch PHI) then you are accountable for the protection of PHI and therefore liable for the loss of PHI. It is a major risk that can ruin a business.
What many in the healthcare industry don't grasp is that HIPAA is not about government restrictions via compliance. It's actually the government setting a standard to help the healthcare entity improve the protection of PHI. HIPAA helps you reduce the risk of operating a healthcare business by better protecting PHI. The sad part is very few healthcare entities have taken the first step of performing a valid Security Risk Analysis (SRA).
Doctors don't want to waste their money on something they consider foolish, like HIPAA. They'll take their chances of not being caught and audited; but, that's not the risk! The risk is loss of patient data, the loss of their practice, and now, potential jail time.
Hopefully, some covered entities heard the warning shot fired by Wannacry and will begin to take steps to improve their cybersecurity, becoming more HIPAA compliant and protecting the patients' valuable data in the process.
If you have any questions about cybersecurity, HIPAA, or a security risk analysis please contact us, we're happy to help.
Protect Your Patients. Protect Your Practice. Protect Yourself™