Protecting patient information is no longer just about HIPAA compliance; it’s about overall cybersecurity. As breach and hacking headlines fill the mainstream media, more and more government agencies are stepping up the actions they take to ensure organizations keep sensitive information safe.

Facing increasing pressure to act against organizations that risk data breaches by not complying with HIPAA regulations, regulators are signaling that 2016 can be expected to be a year of greater OCR enforcement.

In reports issued in late 2015, the HHS Office of Inspector General (OIG) publicly criticized the lack of action to ensure patient data was protected and called on the HHS Office for Civil Rights (OCR) to strengthen its oversight and enforcement of HIPAA compliance.

This was followed by a revealing ProPublica report stating that health care organizations repeatedly violate HIPAA regulations with no consequences.

Public scrutiny of instances of noncompliance was increased further when ProPublica launched a new database that “allows consumers to search for privacy violations by health care providers, after an investigation revealed hundreds of repeat HIPAA offenders.”

OCR is not the Only Agency Investigating Lax Cybersecurity

Expanding the possible sources of legal fallout from insufficient cybersecurity measures, the Federal Trade Commission has publicly committed to holding companies to the privacy promises they make to consumers. Organizations in the health care industry are not exempt.

The FTC’s Protecting Consumer Privacy website states:

“When companies tell consumers they will safeguard their personal information, the FTC can and does take law enforcement action to make sure that companies live up to these promises. The FTC has brought legal actions against organizations that have violated consumers’ privacy rights, or misled them by failing to maintain security for sensitive consumer information.”

It’s Official: Cybersecurity is Recognized as a Very Real Threat

The newly passed Cybersecurity Information Sharing Act of 2015 illustrates the increased government focus on data privacy and security, and reinforces the need for the health care industry to keep patient information safe from cyber attacks. It requires HHS to report the health care industry’s cybersecurity preparedness directly to Congress.

Health care is facing a perfect storm: increased cybersecurity threats, high-profile breaches in the media, more individual accountability for upper management, and mounting scrutiny of HIPAA compliance and the security of sensitive information.

As a result, it’s no longer a question of whether health care organizations will face stiffer enforcement, but when, and from which agency, that stronger enforcement will come.


3 Resources to Prepare for Stronger Enforcement

Stronger HIPAA enforcement is a positive step in today’s world, where the number and severity of cyber attacks are escalating. Your organization can prepare now, and not only avoid the penalties of noncompliance but also make your patients’ personal data safer and more secure.

Take advantage of these resources to strengthen your compliance and cybersecurity program. Make sure you are well prepared for an audit or investigation!

  1. Review your HIPAA compliance program using Clearwater Compliance’s complimentary risk analysis.

A lack of information security has become one of the largest legal risks facing health care organizations. Our complimentary HIPAA Risk Analysis Assessment walks you through the nine essential elements of a bona fide risk analysis.

  2. Bring your knowledge up to date at our HIPAA Compliance and Cybersecurity BootCamp™.

The Clearwater BootCamp™ distills the critical information you need to know about HIPAA compliance and cybersecurity best practices into one action-packed day. View the dates of our next BootCamp™.

  3. Download one of these free guides.

Risky Business: How to Conduct a Bona Fide HIPAA Security Risk Analysis. This white paper provides insight to help covered entities and their business associates understand and act on the specific risk analysis requirements of the HIPAA Security Final Rule, as amended by the HITECH Act.

Harnessing the Power of NIST: Your Practical Guide to Effective Information Risk Management. This document provides a comprehensive overview of the industry-leading NIST Cybersecurity Framework and includes guidance on how to adopt the framework in your organization.

The Five Most Critical Issues Threatening Protected Health Information Today: And What Health Care Professionals Can Do About Them. This white paper shares tips on how to tackle the complex issues around information security and data protection.


Clearwater Compliance

Clearwater Compliance helps healthcare organizations ensure patient safety and improve the quality of care by safeguarding the confidentiality, integrity and availability of protected health information (PHI).

We have assisted more than 400 customers in operationalizing and maturing their information privacy, security, compliance and information risk management programs. In the process, we are raising the bar for safeguarding PHI, protecting millions of Americans and driving real value for the organizations we support and for the healthcare industry at large.