In a recent Geico commercial, a group of teens are scrambling to avoid imminent danger. One teen says tearfully, “Why can’t we just get in the running car?” Another responds by asking the girl if she’s “crazy” and suggests hiding behind a wall of dangling chainsaws in a toolshed. Of course, the group deems this a great idea. GEICO had fun with the fact that “if you’re in a horror movie, you make poor decisions.” The really scary thing> This is a scenario that plays out all too often in response to HIPAA compliance as well.

Many organizations are either inaccurately discounting their liability within the regulations, are largely unaware of their responsibilities or are just trying to stay out of sight, and thus harm’s way. Just like those misguided teens in the commercial, you might not want to look up at the dangling chainsaws, or behind you, where the guy who uses the chainsaws is standing, hockey mask and all.

I’m not usually big on scare tactics, but in the spirit of Halloween and the reality that there is more to fear than fear itself, here are three reasons you should be afraid, very afraid, when it comes to HIPAA compliance.

1. There is Nowhere Left to Hide

The Omnibus Final Rule officially went into effect in late 2013, but many organizations still aren’t fully aware of the changes in the regulations and the major financial, operational and legal risk management consequences for all Covered Entities, as well as Business Associates and Subcontractors that were not previously required to comply with HIPAA.

Omnibus was the largest and most consequential expansion and change to the federal privacy and security rules since the beginning of the HIPAA privacy and security programs, including the penalties that the Office for Civil Rights (OCR) could impose for violations of the HIPAA rules.

If your organization accesses, creates, receives, maintains or transmits PHI or ePHI, which is just about everyone in the healthcare space, HIPAA applies to you in a big way. You can’t avoid it any longer.

2. Danger Lurks in the Darkness

Earlier this year, Community Health Systems garnered a lot of press for a data breach of 4.5 million patient records, following a successful cyber attack by hackers that originated from China. Medical ID theft is on the rise, as more sophisticated, career hackers are realizing the valuable information they can snag from patient records. In fact, a recent FBI alert highlights just how real this threat is to the healthcare industry.

While internal threats, which usually involve people that work for you, still rank as the most likely causes for data breaches, there’s no denying the increasing dangers from cyber attacks that lurk within the ether of the Internet, waiting to sink their teeth in your data.

hipaa horror

3. The Enforcers Are Everywhere

On the heels of a court decision upholding the Federal Trade Commission’s authority to enforce data security, the Securities and Exchange Commission announced plans to launch more than 50 exams to assess cybersecurity preparedness. Meanwhile, OCR has continued to step up its enforcement of HIPAA, levying significant financial penalties on organizations that fail to prove they have made good faith efforts to safeguard sensitive data. If that’s not enough to scare you straight when it comes to HIPAA, you should read about the real cost of a data breach. Spoiler alert: It’s not insignificant.

With all this in mind, rest assured that if you’re hiding beneath the chainsaws, there is a running car waiting to take you to safety.

Click here to access a free webinar that will provide you with the keys to getting started, including how to conduct a thorough analysis of your information security risks and set a plan for strategically and systematically managing those risks.

Unlike Halloween, or a good horror flick, the threats you face are real and lasting. Don’t be haunted by a bad business decision in the future. Attack these fears head on with a proactive plan that protects your revenue and your reputation, not to mention the privacy of those you serve!

Bob Chaput

CEO at Clearwater Compliance
Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities in healthcare information security today. As a leading authority safeguarding health data, Chaput has supported hundreds of hospitals and health systems to successfully manage healthcare’s evolving cybersecurity threats and ensure patient safety.