Healthcare

The U.S. Department of Health & Human Services (HHS) states that under the Security Rule all healthcare providers “must maintain reasonable and appropriate administrative, physical and technical safeguards for e-PHI … entities must identify and protect against reasonably anticipated threats to the security or integrity of the information.”
https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html

In 2018, the HHS reports receiving 197,049 HIPAA privacy rule complaints. So how do you “identify and protect” against threats? You don’t, we do that for you. It all starts when we assess potential security risks. This detailed risk analysis searches out all the data vulnerabilities in regard to how you store patient data and how you transfer that same data to authorized recipients (i.e.; those who require physical access to patient information such as doctors, billing departments, medical specialists, etc.). Our mission is to make sure you are in HIPAA compliance because your security standards comply with the HIPAA Security Rule. With the right security measures in place it reduces your worries and concerns of a HIPAA audit.
https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/audit/index.htmlaverage

ThrottleNet is the best medicine for healthcare organizations wanting to feel better about meeting the Security Rule for HIPAA compliance. What we help you avoid are issues such as receiving a breach notification due to data security incidents. That’s because we put solutions into place to ensure access control and transmission security of medical information.

While this may seem obvious, eliminating security risks to prevent unauthorized access of electronic personal health information is not always taken seriously as evidence in a recent example highlighted in the HIPAA Journal: “Tennessee-based Community Health Systems operates over 200 hospitals, making it one of the largest healthcare systems in the U.S. In 2014, CHS discovered malware had been installed on its network. The malware allowed unauthorized individuals to gain access to patient information between April and June 2014. The cyberattack is believed to have been conducted by threat actors based in China.”

The HIPAA Journal continues by stating, “An advanced malware variant was used in the attack, which had the sole purpose of obtaining sensitive information. An investigation into the breach confirmed that patient data including names, addresses, phone numbers, dates of birth, and Social Security numbers had been exfiltrated. The PHI of 4.5 million patients was stolen by the attackers.””
https://www.hipaajournal.com/settlement-reached-in-community-health-systems-4-5-million-record-data-breach-case/

There may be some smaller medical practices that believe all the security safeguards required of a major healthcare system do not apply to them. This is not the case. And by not fully protecting personal medical information your practice may not be fully protected by insurance as, according to the HIPAA Journal, “A significant problem for small and medium sized medical practices is that not all insurance carriers cover the cost of a HIPAA breach. The cost of a HIPAA breach not only includes the fine, but also the cost of hiring IT specialists to investigate the breach, the cost of repairing public confidence in the medical practice, and the cost of providing credit monitoring services for patients. Insurers may also limit their coverage according to the nature of the HIPAA violation and the level of negligence.”
https://www.hipaajournal.com/hipaa-risk-assessment/

That’s why it’s smart to let ThrottleNet take care of all your IT+Security needs, especially as it applies to HIPAA.