Enhancing PHI Security – Know Your Risk, Access Expertise, Set a Plan
Featured Resource: PHI Protection Network
Annual Conference: April 10, 2014 Anaheim, CA
2014 will be a perfect storm for healthcare organizations unprepared to adequately safeguard personal health information. Expanded HIPAA regulations, enhanced HIPAA enforcement and stiff financial penalties mean the stakes for covered entities and their business associates are higher than ever. Chances are your organization needs to bolster its compliance plans – and corresponding budget – to deal with the rocky shoals looming ahead.
In recent months the Office for Civil Rights has imposed data-breach corrective action plans and settlements on healthcare organizations running the gamut from UCLA Medical Center and Affinity Health to CVS and Rite-Aid. The common denominator: none of them had conducted a security risk analysis!
In addition to identifying vulnerabilities, it’s just as critical to set an action plan to address them. Plugging in to a supportive community is a great place to advance your progress.
The complex and changing landscape of PHI privacy and security compliance makes it complicated to come up with solutions. Groups such as the PHI Protection Network (PPN), create interactive opportunities for senior privacy, compliance, and security officers to share best practices and develop tangible strategies for managing and reducing risk.
The next PPN event is the organization’s annual conference, being held Thursday, April 10, 2014, in Anaheim, California. This gathering is a powerful forum for organizations truly interested in doing more to strengthen their data protection programs. If you’re interested in the conference, you can register here.
Remember, the average cost of a data breach is about $200 per patient. If your organization loses a laptop containing 10,000 patient records, that cost can easily top $2 million. And that doesn’t include the harder-to-calculate costs of lost business or lost productivity. Make sure your organization is prepared. Know your risk, and then work hard to manage it.
Latest posts by Bob Chaput (see all)
- HIPAA Risk Analysis Tip – What Level of Detail is Adequate? - April 29, 2017
- HIPAA Risk Analysis Tip – How Comprehensive Must Your HIPAA Security Risk Analysis Be? - April 25, 2017
- HIPAA Risk Analysis Tip – Does OCR really use the “Guidance on Risk Analysis Requirements under the HIPAA Security Rule”? - April 23, 2017