Back in 2015, Anthem Corp. suffered one of the biggest data breaches in the history of the US healthcare system. Although financial and medical data were not "compromised" according to the official statement, personally identifiable information on more than 78 million US citizens was leaked.
Anthem was considered a healthcare insurance leader at the time, and several of its brands, such as Georgia Blue Shield, Empire Blue Cross and Amerigroup Blue Shield, were also exposed. So what caused such a massive disaster, one that led to Anthem paying $16 million to the Office for Civil Rights (OCR) of the Department of Health and Human Services (HHS)?
It all started when an Anthem employee clicked a link they received in a malicious email. Who would have guessed that the cute dog picture they received installed malware on their system? Unfortunately, that is what happened, and over time the attackers were able to infiltrate every system in the organisation.
Many companies and corporations rely on cyber security firms to detect such malicious emails and other trojan-style malware and block them before they ever enter the system. After this breach, Anthem retained Mandiant, a cybersecurity firm it had worked with on many previous occasions.
Data exposures like this are far more common than one might think, and it is not always the bigger corporations that get breached. Protected Health Information (PHI) held by small hospitals and healthcare centers is, if anything, more easily exposed. According to the Healthcare Information and Management Systems Society (HIMSS), more than 6 out of 10 healthcare providers reported that their IT department is understaffed. On top of that, many providers run outdated computer hardware, poorly designed IT infrastructure, unapplied patches and poor audit management.
If you are a dentist, a chiropractor or a small healthcare business owner, you still need to protect your data and maintain a state-of-the-art IT infrastructure. If all of this already feels burdensome, then you need to hire an IT professional who can set it all up and relieve you of these technological responsibilities. If you are in Pittsburgh, you are in luck: Preferred IT Solutions is a HIPAA-compliant service provider and has everything covered for you.
The Health Insurance Portability and Accountability Act (HIPAA), which has been evolving continuously since its inception in 1996, is expected to bring in even more reforms this year than ever before. Of all the reforms made, the 2003 HIPAA Security Rule is of the greatest significance for healthcare professionals: it provides for the protection of individuals' electronic protected health information (ePHI) and for the adoption of new technologies and standards that improve the performance and efficiency of patient care. Protection of ePHI is now mandatory under HIPAA.
Keeping in mind the struggles and difficulties many healthcare entities, providers and professionals may face with the HIPAA security requirements, the HIPAA Act itself made provisions for IT service and cybersecurity firms to take part in Business Associate Agreements (BAAs). A BAA is a written document that specifies the responsibilities of the IT service firm and any other business associate, the methods the healthcare entity needs to adopt, and the ePHI data access and permissions granted to the business associate.
BAAs are crucial because they also include the procedures that must be followed when sharing information with any third party (for example, for treatment) without violating any security protocols. Such third-party sharing often results in data misuse if the established procedures are not followed.
Apart from this, HHS requires healthcare entities to implement physical safeguards and administrative safeguards. Physical safeguards are the procedures and policies that protect the hardware systems on which ePHI is stored. Administrative safeguards are the policies designed to develop, implement and maintain security properly in order to protect ePHI.
To detect any misuse or improper infrastructure, the HIPAA Security Rule requires healthcare professionals and entities to perform risk analysis and backups regularly and to detect any anomalies. If a BAA has been signed between an IT service provider and the healthcare entity, then it is the responsibility of the former to carry these out.
So whether you are an independent practitioner, a doctor or health professional working in a health corporation, or simply a concerned citizen of our country, you need to check that these protocols are in place, that an IT professional or service provider is taking care of data protection and infrastructure, and that they are compliant with the HIPAA rules.
Again, if you are in Pittsburgh or nearby, feel free to contact us. We will make you HIPAA compliant, implement proper security measures, build efficient infrastructure for your organisation and run background checks whenever needed, whether your organisation is small or large.
Let's protect the data of our patients together. Their privacy is of utmost importance, second only to their personal wellbeing.