Go beyond the minimum HIPAA requirements
The Health Insurance Portability and Accountability Act (HIPAA) requires covered entities, and the business associates that handle data on their behalf, to protect and confidentially handle patients’ protected health information (PHI). MSPs, physicians, and their organizations must remain vigilant or risk violating HIPAA. Most organizations don’t set out to violate HIPAA, but misunderstanding the law can lead straight to a breach that could easily have been prevented.
Meeting the bare minimum required by HIPAA might satisfy the letter of the law, but hardly its intent. Remember, many states have privacy and security laws that are stricter than HIPAA, and HIPAA does not preempt them: where a state law is more stringent, the organization must follow the state law. HIPAA compliance is meant as a basic floor for security. Against today’s sophisticated cyberattacks, that minimum might not save an organization from a security incident, such as a ransomware attack, that could cause serious and expensive damage.
Compliant has never meant secure, says Kevin Beaver, CISSP, independent security consultant at Principle Logic, LLC, in Atlanta. “Yet people continue to make decisions supporting short-term compliance efforts with minimal thought going into long-term information privacy and security improvements.”
Source: News & Analysis