Enhancing PHI Security – Know Your Risk, Access Expertise, Set a Plan

Featured Resource:  PHI Protection Network
Annual Conference: April 10, 2014 Anaheim, CA

2014 will be a perfect storm for healthcare organizations unprepared to adequately safeguard personal health information. Expanded HIPAA regulations, enhanced HIPAA enforcement and stiff financial penalties mean the stakes for covered entities and their business associates are higher than ever. Chances are your organization needs to bolster its compliance plans – and corresponding budget – to deal with the rocky shoals looming ahead.

In recent months the Office for Civil Rights has imposed data-breach corrective action plans and settlements on healthcare organizations running the gamut from UCLA Medical Center and Affinity Health to CVS and Rite-Aid. The common denominator: none of them had conducted a security risk analysis!

Learn more about conducting a bona fide HIPAA security risk analysis here.

In addition to identifying vulnerabilities, it’s just as critical to set an action plan to address them. Plugging in to a supportive community is a great place to advance your progress.

The complex and changing landscape of PHI privacy and security compliance makes it complicated to come up with solutions. Groups such as the PHI Protection Network (PPN), create interactive opportunities for senior privacy, compliance, and security officers to share best practices and develop tangible strategies for managing and reducing risk.

The next PPN event is the organization’s annual conference, being held Thursday, April 10, 2014, in Anaheim, California. This gathering is a powerful forum for organizations truly interested in doing more to strengthen their data protection programs. If you’re interested in the conference, you can register here.

Remember, the average cost of a data breach is about $200 per patient. If your organization loses a laptop containing 10,000 patient records, that cost can easily top $2 million. And that doesn’t include the harder-to-calculate costs of lost business or lost productivity. Make sure your organization is prepared. Know your risk, and then work hard to manage it.

Bob Chaput

CEO at Clearwater Compliance
Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities in healthcare information security today. As a leading authority safeguarding health data, Chaput has supported hundreds of hospitals and health systems to successfully manage healthcare’s evolving cybersecurity threats and ensure patient safety.